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Product Registration, Support, and Documentation 


Register your product at http://www.NETGEAR.com/register. Registration is required before you can use our telephone 
support service. Product updates and Web support are always available by going to: 
http://www.netgear.com/support. 


Setup documentation is available on the CD, on the support website, and on the documentation website. When the 
wireless router is connected to the Internet, click the Knowledgebase or the Documentation link under Web Support in 
the main menu to view support information. 


Trademarks 


NETGEAR and the NETGEAR logo are registered trademarks, and Smart Wizard is a trademark of NETGEAR. Inc. in 
the United States and/or other countries. Microsoft, Windows, and Windows NT are registered trademarks and Windows 
Vista is a trademark of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks 
of their respective holders. 


Statement of Conditions 


In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to 
make changes to the products described in this document without notice. 


NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit 
layout(s) described herein. 


Certificate of the Manufacturer/Importer 


It is hereby certified that the N600 Wireless Dual Band Router WNDR3400 has been suppressed in accordance with the 
conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, 
test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the 
notes in the operating instructions. 


Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market 
and has been granted the right to test the series for compliance with the regulations. 


Bestatigung des Herstellers/Importeurs 


Es wird hiermit bestätigt, dab das N600 Wireless Dual Band Router WNDR3400 gemäß der im BMPT-AmtsbIVfg 243/ 
1991 und Vfg 46/1992 aufgeführten Bestimmungen entstórt ist. Das vorschriftsmáfiige Betreiben einiger Geräte (z.B. 
Testsender) kann jedoch gewissen Beschränkungen unterliegen. Lesen Sie dazu bitte die Anmerkungen in der 
Betriebsanleitung. 


Das Bundesamt für Zulassungen in der Telekommunikation wurde davon unterrichtet, daß dieses Gerät auf den Markt 
gebracht wurde und es ist berechtigt, die Serie auf die Erfüllung der Vorschriften hin zu überprüfen. 


Regulatory Compliance Information 


This section includes user requirements for operating this product in accordance with National laws for usage of radio 
spectrum and operation of radio devices. Failure of the end-user to comply with the applicable requirements may result 
in unlawful operation and adverse action against the end-user by the applicable National regulatory authority. 
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NOTE: This product's firmware limits operation to only the channels allowed in a particular Region or Country. 
Therefore, all options described in this user's guide may not be available in your version of the product. 


Europe - EU Declaration of Conformity C 4 ® 


Marking by the above symbol indicates compliance with the Essential Requirements of the R&TTE Directive of the 
European Union (1999/5/EC). This equipment meets the following conformance standards: 


EN300 328 (2.4Ghz), EN301 489-17, EN301 893 (bGhz), EN60950-1 


For complete DoC please visit the NETGEAR EU Declarations of Conformity website at: 
http://kb.netgear.com/app/answers/detail/a id/11621/ 


Europe - Declaration of Conformity in Languages of the European Community 


Cesky [Czech] | NETGEAR Inc. tímto prohlašuje, Ze tento Radiolan je ve shode se základními 
požadavky a dalšími príslušnými ustanoveními smernice 1999/5/ES. 
Dansk Undertegnede NETGEAR Inc. erklærer herved, at følgende udstyr Radiolan overholder 
[Danish] de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF. 
Deutsch Hiermit erklärt NETGEAR Inc., dass sich das Gerät Radiolan in Übereinstimmung mit 
[German] den grundlegenden Anforderungen und den übrigen einschlägigen Bestimmungen der 
Richtlinie 1999/5/EG befindet. 
Eesti Käesolevaga kinnitab NETGEAR Inc. seadme Radiolan vastavust direktiivi 1999/5/EU 
[Estonian] põhinõðuetele ja nimetatud direktiivist tulenevatele teistele asjakohastele sätetele. 
English Hereby, NETGEAR Inc., declares that this Radiolan is in compliance with the essential 
requirements and other relevant provisions of Directive 1999/5/EC. 
Español Por medio de la presente NETGEAR Inc. declara que el Radiolan cumple con los 
[Spanish] requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la 
Directiva 1999/5/CE. 
EXAnvikiü ME THN HAPOYZA NETGEAR Inc. AHAQNEI OTI Radiolan ZYMMOPOONETAI 
[Greek] IIPOX TIX OYXIOAEIX AIIAITHXEIX KAI TIX AOIIIEX EXETIKEX AIATAZEIX THX 
OAHTTAX 1999/5/EK. 
Francais Par la présente NETGEAR Inc. déclare que l'appareil Radiolan est conforme aux 
[French] exigences essentielles et aux autres dispositions pertinentes de la directive 1999/5/CE. 


Italiano [Italian] 


Latviski 
[Latvian] 


Lietuviu 
[Lithuanian] 


Con la presente NETGEAR Inc. dichiara che questo Radiolan é conforme ai requisiti 
essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999/5/CE. 


Ar $0 NETGEAR Inc. deklare, ka Radiolan atbilst Direktivas 1999/5/EK bütiskajam 
prasibam un citiem ar to saistitajiem noteikumiem. 


Siuo NETGEAR Inc. deklaruoja, kad Sis Radiolan atitinka esminius reikalavimus ir kitas 
1999/5/EB Direktyvos nuostatas. 
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Nederlands 
[Dutch] 


Hierbij verklaart NETGEAR Inc. dat het toestel Radiolan in overeenstemming is met de 
essentiéle eisen en de andere relevante bepalingen van richtlijn 1999/5/EG. 


Malti [Maltese] 


Hawnhekk, NETGEAR Inc., jiddikjara li dan Radiolan jikkonforma mal-htigijiet 
essenzjali u ma provvedimenti ohrajn relevanti li hemm fid-Dirrettiva 1999/5/EC. 


Magyar 
[Hungarian] 


Alulírott, NETGEAR Inc. nyilatkozom, hogy a Radiolan megfelel a vonatkozó alapvetó 
kóvetelményeknek és az 1999/5/EC irányelv egyéb elóírásainak. 


Polski [Polish] 


Niniejszym NETGEAR Inc. oświadcza, ze Radiolan jest zgodny z zasadniczymi 
wymogami oraz pozostalymi stosownymi postanowieniami Dyrektywy 1999/5/EC. 


Portugués NETGEAR Inc. declara que este Radiolan está conforme com os requisitos essenciais 

[Portuguese] e outras disposições da Directiva 1999/5/CE. 

Slovensko NETGEAR Inc. izjavlja, da je ta Radiolan v skladu z bistvenimi zahtevami in ostalimi 

[Slovenian] relevantnimi določili direktive 1999/5/ES. 

Slovensky NETGEAR Inc. týmto vyhlasuje, e Radiolan splita základné po_iadavky a všetky 

[Slovak] príslušné ustanovenia Smernice 1999/5/ES. 

Suomi NETGEAR Inc. vakuuttaa täten että Radiolan tyyppinen laite on direktiivin 1999/5/EY 

[Finnish] oleellisten vaatimusten ja sitä koskevien direktiivin muiden ehtojen mukainen. 

Svenska Härmed intygar NETGEAR Inc. att denna Radiolan står | överensstämmelse med de 

[Swedish] väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av direktiv 
1999/5/EG. 

Íslenska Hér með lýsir NETGEAR Inc. yfir því að Radiolan er í samræmi vió grunnkröfur og aðrar 

[Icelandic] kröfur, sem gerðar eru í tilskipun 1999/5/EC. 

Norsk NETGEAR Inc. erklærer herved at utstyret Radiolan er i samsvar med de 


[Norwegian] 


grunnleggende krav og øvrige relevante krav i direktiv 1999/5/EF. 


This device is a 2.4 GHz wideband transmission system (transceiver), intended for use in all EU member states and 
EFTA countries, except in France and Italy where restrictive use applies. 


In Italy the end-user should apply for a license at the national spectrum authorities in order to obtain authorization to use 
the device for setting up outdoor radio links and/or for supplying public access to telecommunications and/or network 
services. 


This device may not be used for setting up outdoor radio links in France and in some areas the RF output power may be 
limited to 10 mW EIRP in the frequency range of 2454 — 2483.5 MHz. For detailed information the end-user should 
contact the national spectrum authority in France. 


FCC Requirements for Operation in the United States 
FCC Information to User 


This product does not contain any user serviceable components and is to be used with approved antennas only. Any 
product changes or modifications will invalidate all applicable regulatory certifications and approvals 
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FCC Guidelines for Human Exposure 


This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment 
should be installed and operated with minimum distance of 20 cm between the radiator and your body. 


This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. 


FCC Declaration Of Conformity 


We NETGEAR, Inc., 350 East Plumeria Drive, San Jose, CA 95134, declare under our sole responsibility that the model 
WNDR3400 N600 Wireless Dual Band Router WNDR3400 complies with Part 15 of FCC Rules. Operation is subject to 
the following two conditions: 


* This device may not cause harmful interference, and 


* This device must accept any interference received, including interference that may cause undesired operation. 


Federal Communication Commission Interference Statement 


This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of 
the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the 
equipment is operated in a commercial environment. This equipment generates, uses and can radiate radio frequency 
energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio 
communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case 
the user will be required to correct the interference at his own expense. 


If this equipment does cause harmful interference to radio or television reception, which can be determined by turning 
the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following 
methods: 


*  Reorient or relocate the receiving antenna. 
* Increase the separation between the equipment and the receiver. 
* Connect the equipment into an electrical outlet on a circuit different from that which the radio receiver is connected. 


* Consult the dealer or an experienced radio/TV technician for help. 


FCC Caution: 


* Any changes or modifications not expressly approved by the party responsible for compliance could void the user's 
authority to operate this equipment. 


* This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This 
device may not cause harmful interference, and (2) this device must accept any interference received, including 
interference that may cause undesired operation. 


e For product available in the USA market, only channel 1~11 can be operated. Selection of other channels is not 
possible. 


* This device and its antenna(s) must not be co-located or operation in conjunction with any other antenna or 
transmitter. 


Country Code Statement 


For products available in the USA/Canada market, only channel 1~11 can be operated. Selection of other channels is not 
possible. 


This device and its antenna(s) must not be co-located or operated in conjunction with any other antenna or transmitter. 
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This device is going to the operated in 5.15~5.15GHz frequency range, and is restricted to an indoor environment only. 
IMPORTANT NOTE: 


Radiation Exposure Statement: 

This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment 
should be installed and operated with minimum distance 20cm between the radiator and your body. 

This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. 


The availability of some specific channels and/or operational frequency bands are country dependent and are firmware 
programmed at the factory to match the intended destination. The firmware setting is not accessible by the end user. 


Canadian Department of Communications Radio Interference Regulations 


This digital apparatus (TBD) does not exceed the Class B limits for radio-noise emissions from digital apparatus as set 
out in the Radio Interference Regulations of the Canadian Department of Communications. 


Voluntary Control Council for Interference (VCCI) Statement 


This equipment is in the Class B category (information equipment to be used in a residential area or an adjacent area 
thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing 
Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas. 


When used near a radio or TV receiver, it may become the cause of radio interference. Read instructions for correct 
handling. 


Caution: 


The device for the band 5150-5250 MHz is only for indoor usage to reduce potential for harmful interference to co- 
channel mobile satellite systems. 


High power radars are allocated as primary users (meaning they have priority) of 5250-5350 MHz and 5650-5850 MHz 
and these radars could cause interference and/or damage to LE-LAN devices. 


N600 Wireless Dual Band Router WNDR3400 


Tested to Comply 


with FCC Standards 
FOR HOME OR OFFICE USE 


Modifications made to the product, unless expressly approved by NETGEAR, Inc., could void the user's right to operate 
the equipment. 


Maximum Wireless Signal Rate Derived from IEEE Standard 802.11 Specifications 


Actual data throughput will vary. Network conditions and environmental factors, including volume of network traffic, 
building materials and construction, and network overhead, lower actual data throughput rate. 
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Product and Publication Details 


Model Number: WNDR3400 

Publication Date: June 2010 

Product Family: Wireless Router 

Product Name: N600 Wireless Dual Band Router WNDR3400 
Home or Business Product: Home 

Language: English 

Publication Part Number: 202-10581-01 
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About This Manual 


The user manual provides information for configuring the features of the NETGEAR® N600 
Wireless Dual Band Router WNDR3400 beyond initial configuration settings. Initial 
configuration instructions can be found in the NETGEAR Wireless Router Setup Manual. You 
should have basic to intermediate computer and Internet skills. 


Conventions, Formats, and Scope 


The conventions, formats, and scope of this manual are described in the following paragraphs: 


* Typographical conventions. This manual uses the following typographical conventions: 


Italic Emphasis, books, CDs 

Bold User input, IP addresses, GUI screen text 
Fixed Command prompt, CLI text, code 

Italic URL links 


* Formats. This manual uses the following formats to highlight special messages: 


Note: This format is used to highlight information of importance or special interest. 


gQ Tip: This format is used to highlight a procedure that will save time or resources. 


Warning: Ignoring this type of note might result in a malfunction or damage to the 
equipment, a breach of security, or a loss of data. 
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e Scope. This manual is written for the WNDR3400 router according to these specifications: 


Product Version N600 Wireless Dual Band Router WNDR3400 
Manual Publication Date June 2010 


For more information about network, Internet, firewall, and VPN technologies, see the links to the 
NETGEAR website in Appendix B, “Related Documents.” 


Note: Product updates are available on the NETGEAR, Inc. website at 
— http://www.netgear.com/support. 


How to Print This Manual 


To print this manual, your computer must have the free Adobe Acrobat reader installed in order to 
view and print PDF files. The Acrobat reader is available on the Adobe Web site at 
http://www.adobe.com. 


E | t Tip: If your printer supports printing two pages on a single sheet of paper, you can 
2 5 save paper and printer ink by selecting this feature. 


Revision History 


NETGEAR, Inc. is constantly searching for ways to improve its products and documentation. The 
following table indicates any changes that might have been made since the WNDR3400 router was 
introduced. 


Table 1-1. Publication Revision History 


vemp ONSE 


June 2010 Original publication. 
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Chapter 1 
Configuring Your Internet Connection 


This chapter describes how to configure your WNDR3400 router Internet connection. When you 
install your wireless router using the Resource CD as described in the NETGEAR Router Setup 
Manual, these settings are configured automatically for you. This chapter provides instructions on 
how to log in to the wireless router for further configuration. 


Note: NETGEAR recommends using the Smart Wizard™ on the Resource CD for initial 
ER configuration, as described in the NETGEAR Wireless Router Setup Manual. 


This chapter includes: 

* "Using the Setup Manual" 

* "Logging In to Your Wireless Router" on page 1-2 

e “Selecting a Language for Your Screen Display" on page 1-4 

* "Using the Setup Wizard" on page 1-6 

e “Viewing or Manually Configuring Your ISP Settings" on page 1-6 


Using the Setup Manual 


For first-time installation of your wireless router, refer to the NETGEAR Router Setup Manual. 
The Setup Manual explains how to launch the NETGEAR Smart Wizard on the Resource CD to 
step you through the procedure to connect your router, modem, and computers. The Smart Wizard 
will assist you in configuring your wireless settings and enabling wireless security for your 
network. After initial configuration using the Setup Manual, you can use the information in this 
Reference Manual to configure additional features of your wireless router. 


For installation instructions in a language other than English, see the language options on the 
Resource CD. 
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Logging In to Your Wireless Router 


You can log in to the wireless router to view or change its settings. 


- — | Note: Your computer must be configured for DHCP. For help with configuring DHCP, 
see the documentation that came with your computer or see the link to the online 
document in Preparing Your Network" in Appendix B. 


To log in to the wireless router: 


1. Type http://www.routerlogin.net, or http://www.routerlogin.com, or the router's LAN IP 
address (default is 192.168.1.1) in the address field of your browser, and then press Enter. A 


login window displays: 


User name: £i admin 


Password: seccccee 


Remember my password 


Figure 1-1 


2. Enter admin for the router user name and your password (or the default, password). For 
information about how to change the password, see “Changing the Built-In Password” on 


page 3-2. 


Note: The router user name and password are not the same as any other user name or 
TEM password you might use to log in to your Internet connection. 
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The Checking for Firmware Updates screen displays unless you previously cleared the Check 
for Updated Firmware Upon Log-in check box. 


Checking for Firmware Updates 


The router is checking the NETGEAR server to see if upda 
available for your router. 


This could take up to 90 seconds, please wait .. 
ll 


[v] Check for Updated Firmware Upon Log-in 


Cancel 


Figure 1-2 

If the router discovers a newer version of the software, you are asked if you want to upgrade to 
the new software (see "Upgrading the Router Firmware" on page 4-1 for details). If no new 
firmware is available, the following message displays. 


Firmware Version Check 


No New Firmware Version Available. 


Figure 1-3 
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3. The Basic Settings screen displays showing the wireless router's settings. 


Select Language 
SMARTWIZAR D'| router manager | English v| 


N600 Wireless Dual Band Router mode! WNDR3400 
Apply 


^ 1 H 
Setup Wizard — Basic Settings 
Add WPS Client 


Does your Internet connection require a login? 
| Oves 
G No 


Basic Settings 
Wireless Settings 
Guest Network 


Basic Settings Account Name (if required) WNDR3400 
Advanced Settings 


Domain Name (if required) 


Logs 
Internet IP Address 
Block Sites 


; (9 Get Dynamically from ISP 
Block Services 
Schedule O Use Static IP Address 
E-mail IP Address 


IP Subnet Mask 


Router Status 
Attached Devices 


Gateway IP Address 


Backup Settings 


Set Password 


Figure 1-4 


If the wireless router is connected to the Internet, you can click the Knowledge Base link or 
the Documentation link under Web Support to view support information or the 
documentation for the wireless router. If you do not click Logout, the wireless router waits for 
5 minutes after no activity before it automatically logs you out. 


Selecting a Language for Your Screen Display 


Using the Select Language drop-down menu, located in the upper right corner of the Router 


Manager screen, you can display the router manager screens in any of languages shown in Figure 
1-5: 
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N E T G E A R Select Language 


SMARTWIZARDN'| router manager 


N600 Wireless Dual Band Router mode! WNDR3400 


Setup Wizard | Basic Settings 
Add WPS Client 


Does your Internet connection require a login? 
O Yes 
(G No 


Basic Settings 
Wireless Settings 
Guest Network 


Basic Settings Account Name (if required) WNDR3400 | Slovenščina 
Português 


Domain Name (if required) ] Magyar 
Romana 
Logs Suomi 


Advanced Settings 


Internet IP Address Slovenčina 
(9 Get Dynamically from ISP 

Block Services 

Schedule © Use Static IP Address 

E-mail IP Address 


Block Sites 


IP Subnet Mask 


Router Status 
Attached Devices 


Gateway IP Address 


Backup Settings 


Set Password 


Figure 1-5 


The language is set to English by default. The default language, as well as German, Russian, and 
Portuguese are always stored in memory. When you select a language other than those 
automatically stored in flash memory, if you are connected to the Internet at the time you select it, 
that language is also stored in memory. 


e Ifyou are connected to the Internet and select a language that is not already stored in flash 
memory, the language is downloaded from the NETGEAR server and stored in the current 
language partition of flash memory. 


* Ifyou are not connected to the Internet when you select a language, you can only select as the 
current language one of the languages that is stored in flash memory. 


To specify a language to be used on your router manager screens, do the following: 
1. Expand the list and select the language you want. 
2. Click Apply. 


Configuring Your Internet Connection 1-5 
v1.0, June 2010 


N600 Wireless Dual Band Router WNDR3400 User Manual 


The language you select is then downloaded and displayed in the language selection box, and 
your screen display will be in the selected language. 


Note: If you are not connected to the Internet and select a language that is not stored 
in flash memory, your selection may fail. If you see a “download fails" 


message after your language selection, make sure you are connected to the 
Internet and make your selection again. 


Using the Setup Wizard 


You can manually configure your Internet connection using the Basic Settings screen, or you can 
allow the Smart Setup Wizard to detect your Internet connection. The Smart Setup Wizard 
searches your Internet connection for servers and protocols to determine your ISP configuration. 


This feature is not the same as the Smart Wizard on the Resource CD that is used for installation. 
To use the Smart Setup Wizard to assist with configuration or to verify the Internet connection 
settings, follow this procedure: 


1. From the top of the main menu, select Setup Wizard. 

2. Select Yes for the Auto-Detect Connection Type, and then click Next to proceed. 
3. Enter your ISP settings, as needed. 
4 


At the end of the Setup Wizard, click Test to verify your Internet connection. If you have 
trouble connecting to the Internet, see Chapter 8, “Troubleshooting.” 


Viewing or Manually Configuring Your ISP Settings 


To view or configure the basic settings: 


1. Login to the wireless router as described in “Logging In to Your Wireless Router" on 
page 1-2. 

2. Onthe Basic Settings screen, select Yes or No depending on whether your ISP requires a 
login. This selection changes the fields available on the Basic Settings screen. 


* Yes. If your ISP requires a login, select the encapsulation method. Enter the login name. If 
you want to change the login time-out, enter a new value in minutes. 


e No. If your ISP does not require a login, enter the account name, if required, and the 
domain name, if required. 
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3. Enter the settings for the IP address and DNS server. If you enter or change a DNS address, 
restart the computers on your network so that these settings take effect. 


4. Ifno login is required, you can specify the MAC Address setting. 
5. Click Apply to save your settings. 


6. Click Test to test your Internet connection. If the NETGEAR website does not appear within 
one minute, see Chapter 8, “Troubleshooting”. 


When your Internet connection is working, you do not need to launch the ISP's login program on 
your computer to access the Internet. When you start an Internet application, your wireless router 
automatically logs you in. 


The fields that are displayed depend on whether or not your Internet connection requires a login. 


ISP does not require login 


Account Name (If Required) 


Domain Name (f Required) 


Internet IP Address 
(9 Get Dynamically From ISP 
O Use Static IP Address 

IP Address 

IP Subnet Mask 


Gateway IP Address 


Domain Name Server (DNS) Address 
© Get Automatically From ISP 
O Use These DNS Servers 

Primary DNS 


Secondary DNS 


Router MAC Address 

© Use Default Address 

Q Use Computer MAC Address 
O Use This MAC Address 


Figure 1-6 


ISP does require login 


(GO Yes 
ONo 


Internet Service Provider 


Login 
Password 


Service Name (if required) | 


Connection Mode | Dial on Demand v 


Idle Time-out (in minutes) l5 


Internet IP Address 
© Get Dynamically from ISP 
Ouse Static IP Address 

IP Address 


Domain Name Server (DNS) Address 
(9 Get Automatically from ISP 
© Use These DNS Servers 

Primary DNS 


Secondary DNS 


The following table explains the fields in the Basic Settings screen. 
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Table 1-1. Basic Settings screen fields 


Settings 


Does Your ISP Require a Login? 


Description 


* Yes 
* NO 


These fields 
appear only if no 
login is required. 


Account Name 
(If required) 


Domain Name 
(If required) 


Enter the account name provided by your ISP. This might also 
be called the host name. 


Enter the domain name provided by your ISP. 


These fields 
appear only if 
your ISP 
requires a login. 


Internet Service Provider 


* PPTP (Point to Point Tunneling Protocol). This is used 
primarily in Austrian DSL services. 

* Other. This is the default setting. It is for PPPoE (Point to 
Point Protocol over Ethernet), the protocol used by most 
DSL services worldwide. 


Login 


Password 


Service Name 


The login name provided by your ISP. This is often an e-mail 
address. 


The password provided by your ISP. 


If your ISP provided a Service Name, enter it here. 


Connection Mode 


Idle Timeout (In minutes) 


Internet IP Address 


Specify when the router will connect to and disconnect from 

the Internet. 

* Always On. The router logs in to the Internet immediately 
after booting and never disconnects. 

* Dial on Demand. The router logs in only when outgoing 
traffic is present and logs out after the idle time-out. 

* Manually Connect. The router logs in or logs out only when 
you click Connect or Disconnect in the Router Status 
Screen. 


If you want to change the Internet login time-out, enter a new 
value in minutes. This determines how long the wireless router 
keeps the Internet connection active after there is no Internet 
activity from the LAN. Entering an Idle Timeout value of 0 
(zero) means never log out. 


* Get Dynamically from ISP. Your ISP uses DHCP to assign 
your IP address. Your ISP automatically assigns these 
addresses. 

* Use Static IP Address. Enter the IP address that your ISP 
assigned. Also enter the IP subnet mask and the gateway IP 
address. The gateway is the ISP's wireless router to which 


your wireless router will connect. 
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Table 1-1. Basic Settings screen fields (continued) 


Settings 


This field 
appears only if 
no login is 
required. 


Domain Name Server (DNS) Address 


Router MAC Address 


Description 


The DNS server is used to look up site addresses based on 

their names. 

* Get Automatically from ISP. Your ISP uses DHCP to 
assign your DNS servers. Your ISP automatically assigns 
this address. 

* Use These DNS Servers. If you know that your ISP does 
not automatically transmit DNS addresses to the wireless 
router during login, select this option, and enter the IP 
address of your ISP's primary DNS server. If a secondary 
DNS server address is available, enter it also. 


The Ethernet MAC address that will be used by the wireless 
router on the Internet port. Some ISPs register the Ethernet 
MAC address of the network interface card in your computer 
when your account is first opened. They will then accept traffic 
only from the MAC address of that computer. This feature 
allows your wireless router to masquerade as that computer 
by "cloning" its MAC address. 

* Use Default Address. Use the default MAC address of the 
router (normally the LAN MAC address). 

* Use Computer MAC Address. The wireless router will 
capture and use the MAC address of the computer that you 
are now using. You must be using the one computer that is 
allowed by the ISP. 

* Use This MAC Address. Enter the MAC address that you 
want to use. 
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Safeguarding Your Network 


For a wireless connection, the SSID, also called the wireless network name, and the wireless 
security setting must be the same for the wireless router and wireless computers or wireless 
adapters. NETGEAR strongly recommends that you use wireless security. 


Warning: Computers can connect wirelessly at a range of several hundred feet. This can 
allow others outside of your immediate area to access your network. 


This chapter includes: 

* "Planning Your Wireless Network" 

e “Manually Configuring Your Wireless Settings" on page 2-4 

e “Using Push 'N' Connect (WPS) to Configure Your Wireless Network" on page 2-11 
e “Connecting Additional Wireless Client Devices After WPS Setup" on page 2-17 

e “Restricting Access to Your Router" on page 2-19 


* "Adding Guest Networks" on page 2-20 


| » Note: For information about restricting access to USB storage devices, see “Configuring 
USB Storage Advanced Settings" on page 7-7. 


Planning Your Wireless Network 


For compliance and compatibility between similar products in your area, the operating channel 
and region must be set correctly. 


To configure the wireless network, you can either specify the wireless settings, or you can use Wi- 
Fi Protected Setup (WPS) to automatically set the SSID and implement WPA/WPA2 security. 


* To manually configure the wireless settings, you must know the following: 
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— SSID. The default SSID for the wireless router is NETGEAR. 
— The wireless radio frequency (2.4GHz or 5GHz) that each wireless adapter supports. 


— Wireless security option. To successfully implement wireless security, check each 
wireless adapter to determine which wireless security option it supports. 


See “Manually Configuring Your Wireless Settings" on page 2-4. 


Push 'N' Connect (WPS) automatically implements wireless security on the wireless router 
while, at the same time, allowing you to automatically implement wireless security on any 
WPS-enabled devices (such as wireless computers and wireless adapter cards). You activate 
WPS by pressing a WPS button on the wireless router, clicking an onscreen WPS button, or 
entering a PIN number. This generates a new SSID and implements WPA/WPA2 security. 


Note: NETGEAR’s Push 'N' Connect feature is based on the Wi-Fi Protected Setup 
(WPS) standard (for more information, see http://www.wi-fi.org). All other Wi- 
Fi-certified and WPS-capable products should be compatible with NETGEAR 
products that implement Push 'N' Connect. 


To set up your wireless network using the WPS feature: 


— Use the WPS button on the side of the wireless router (there is also an onscreen WPS 
button), or enter the PIN of the wireless device. 


— Make sure that all wireless computers and wireless adapters on the network are Wi-Fi 
certified and WPA or WPA 2 capable, and that they support WPS configuration. 


See "Using Push 'N' Connect (WPS) to Configure Your Wireless Network" on page 2-11. 


Wireless Placement and Range Guidelines 


The range of your wireless connection can vary significantly based on the physical placement of 
the wireless router. The latency, data throughput performance, and notebook power consumption 
of wireless adapters also vary depending on your configuration choices. 


For best results, place your wireless router according to the following guidelines: 


Near the center of the area in which your PCs will operate. 


In an elevated location such as a high shelf where the wirelessly connected PCs have line-of- 
sight access (even if through walls). 


Away from sources of interference, such as PCs, microwave ovens, and 2.4 GHz cordless 
phones. 


Away from large metal surfaces. 
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e Put the router in a vertical position to provide the best side-to-side coverage. Put the router in a 
horizontal position to provide the best up-and-down coverage. 


* Ifusing multiple access points, it is better if adjacent access points use different radio 
frequency channels to reduce interference. The recommended channel spacing between 
adjacent access points is 5 channels (for example, use Channels 1 and 6, or 6 and 11). 


The time it takes to establish a wireless connection can vary depending on both your security 
settings and placement. WEP connections can take slightly longer to establish. Also, WEP 
encryption can consume more battery power on a notebook computer. 


Wireless Security Options 


Indoors, computers can connect over 802.11g wireless networks at a maximum range of up to 300 
feet. Such distances can allow for others outside your immediate area to access your network. 


Unlike wired network data, your wireless data transmissions can extend beyond your walls and 
can be received by anyone with a compatible adapter. For this reason, use the security features of 
your wireless equipment. The WNDR3400 router provides highly effective security features which 
are covered in detail in this chapter. Deploy the security features appropriate to your needs. 


There are several ways you can enhance the security of your wireless network: 


Internet | 


Figure 2-1 


Wireless data security options 


Range: up to 300 foot radius 


1) Open system: easy, but no security. 


2) WEP: security, but some performance 
impact. 

3) WPA-PSK: strong security. 

4) WPA2-PSK: very strong security. 


e WEP. Wired Equivalent Privacy (WEP) data encryption provides data security. WEP Shared 
Key authentication and WEP data encryption block all but the most determined eavesdropper. 
This data encryption mode has been superseded by WPA-PSK and WPA2-PSK. 


* WPA-PSK (TKIP), WPA2-PSK (AES). Wi-Fi Protected Access (WPA) using a pre-shared 
key to perform authentication and generate the initial data encryption keys. The very strong 
authentication along with dynamic per frame re-keying of WPA makes it virtually impossible 
to compromise. 
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For more information about wireless technology, see the link to the online document in “Wireless 
Networking Basics" in Appendix B. 


Manually Configuring Your Wireless Settings 


You can view or manually configure the wireless settings for the wireless router in the Wireless 
Settings screen. If you want to make changes, make sure to note the current settings first. 


Note: If you use a wireless computer to change the wireless network name (SSID) or 
wireless security settings, you will be disconnected when you click Apply. To 


avoid this problem, use a computer with a wired connection to access the wireless 
router. 


To view or manually configure the wireless settings: 


1. Log in to the wireless router at its default LAN address of http://www.routerlogin.net with 
its default user name of admin, and default password of password, or using whatever 
password and LAN address you have chosen for the wireless router. 
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2. Select Wireless Settings from the main menu to display the Wireless Settings screen: 


Wireless Settings 


Region Selection 
Redion 


Wireless Network (2.4GHz bigin} 
Y| Enable SSID Broadcast 


Name (881D) [NETGEAR 


Channel [Auto ¥| 


Mode [Up to 14 5Mbps ¥| 


Security Options 

(9 None 

Owep 

O WPA-PSK (TKIP) 

O WPA2-PSK (AES) 

O WPA-PSK (TKIP) + WPA2-PSK (AES) 


Wireless Network (5GHz ain) 
[v] Enable SSID Broadcast 


Name (SSID) |NETGEAR-5G 


Channel E x] 


Mode [Up ia 300 Mbps Vj 
Security Options 

(9 None 

Owep 

O WPA-PSK (TKIP) 

O WPA2-PSK (AES) 

O WPA-PSK (TKIP) + WPA2-PSK (AES) 


Figure 2-2 


The settings for this screen are explained in Table 2-1 on page 2-6. 
3. Select the region in which the wireless router will operate. 
4. For initial configuration and test, leave the other settings unchanged. 


5. To save your changes, click Apply. 
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6. Configure and test your computers for wireless connectivity. 


Program the wireless adapter of your computers to have the same SSID and wireless security 
settings as your wireless router. Check that they have a wireless link and are able to obtain an 
IP address by DHCP from the wireless router. If there 1s interference, adjust the channel. 


Table 2-1. Wireless Settings 


Settings 


Region Selection 


Description 


The location where the router is used. Select from the countries in 
the drop-down list. Note: In the US, the region is pre-selected as 
the United States. 


Wireless Network 
(for 2.4 GHz b/g/n 
and 

5 GHz a/n) 


Enable SSID 
Broadcast 


Name (SSID) 


Channel 


Mode 


The SSID of any wireless access adapter must match the SSID 
you configure in the wireless router. If they do not match, you will 
not get a wireless connection to the wireless router. 

Clear this check box to disable broadcast of the SSID, so that only 
devices that know the correct SSID can connect. Disabling SSID 
broadcast nullifies the wireless network discovery feature of some 
products such as Windows XP. 


This is the wireless network name. Enter a 32-character 
(maximum) name in this field. This field is case-sensitive. 

In a setting where there is more than one wireless network, 
different wireless network names provide a means for separating 
the traffic. Any device that you want to participate in a wireless 
network must use the SSID. 


The wireless channel fields determine the operating frequency 
used for the 11N or 11G wireless networks. Do not change the 
wireless channel unless you experience interference (shown by 
lost connections or slow data transfers). If this happens, you might 
need to experiment with different channels to see which is the 
best. 


Specify the wireless mode to be used. The options are: 

* Up to 54 Mbps. Legacy mode, using a maximum speed of up to 
54 Mbps for b/g networks. 

* Up to 145 Mbps. Neighbor friendly mode, for reduced 
interference with neighboring wireless networks. Provides two 
transmission streams with different data on the same channel at 
the same time, but also allows 802.11b and 802.11g wireless 
devices. This is the default value for the 2.4 GHz b/g/n wireless 
network. 

* Up to 300 Mbps. Performance mode, using a maximum 
Wireless-N speed of up to 300 Mbps. This is the default value for 
the 5 GHz a/n wireless network. 
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Table 2-1. Wireless Settings (continued) 


Settings Description 


Security Options * None. You can use this setting to establish wireless connectivity 

«| before implementing wireless security. NETGEAR strongly 
recommends that you implement wireless security. 

* WEP (Wired Equivalent Privacy). Use encryption keys and data 
encryption for data security. Select 64-bit or 128-bit encryption. 
See "Configuring WEP Wireless Security." When you select this 
option, these additional areas appear on your screen: 


* Security Encryption (WEP). Select the Authentication 
Type (Automatic or Shared Key) and the Encryption 
Strength (64 bit or 128 bit). 


* Security Encryption (WEP) Key. Enter the Passphrase, 
select a key, and click Generate. 


* WPA-PSK [TKIP] (WiFi Protected Access Pre-Shared Key). 
Allow only computers configured with WPA to connect to the 
wireless router. When you select this option, this additional area 
appears on your screen: 


* Security Options (WPA-PSK). Enter the WPA 
passphrase (Network key). The passphrase must be 
between 8 and 63 ASCII characters or exactly 64 hex 
digits. 

WPA2-PSK [AES] (Wi-Fi Protected Access with 2 Pre-Shared 
Keys). Allow only computers configured with WPA2 to connect to 
the wireless router. When you select this option, this additional 
area appears on your screen: 


* Security Options (WPA2-PSK). Enter the WPA 
passphrase (Network key). The passphrase must be 
between 8 and 63 ASCII characters or exactly 64 hex 
digits. 

* WPA-PSK [TKIP] + WPA2-PSK [AES]. Allow computers 
configured with either WPA-PSK or WPA2-PSK security to 
connect to the wireless router. When you select this option, this 
additional area appears on your screen: 


* Security Options (WPA-PSK + WPA2-PSK). Enter the 
WPA passphrase (Network key). The passphrase must 
be between 8 and 63 ASCII characters or exactly 64 hex 
digits. 
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Configuring WEP Wireless Security 


Note: If you use a wireless computer to configure wireless security settings, you will be 
disconnected when you click Apply. Reconfigure your wireless computer to match 
the new settings, or access the wireless router from a wired computer to make 
further changes. 


To configure WEP data encryption: 


1. Log in to the wireless router at its default LAN address of http://www.routerlogin.net with 
its default user name of admin, and default password of password, or using whatever 
password and LAN address you have chosen for the wireless router. 


2. From the main menu, select Wireless Settings to display the Wireless Settings screen. 


E Note: On this screen, you specify wireless settings for both wireless networks: the 2.4 
GHz and the 5 GHz. 


3. Setthe Security Options for the 2.4 GHz network first by selecting the WEP radio button in 
the Security Options section: 


ecurity Options 
O None 
GweEP — 4—— — — — — — ————————————— 
O WPA-PSK (TKIP) 
O WPA2-PSK (AES) 
O WPA-PSK (TKIP) + WPA2-PSK (AES) 


Security Encryption (WEP) 


Authentication Type Automatic ~ 


Encryption Strength |b4-bit ¥ 


Security Encryption (WEP) Key 
Passphrase 


Key1 © 
Key2 O 
Key3 O 


Key4 O 


Figure 2-3 
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4. Select the Authentication Type: Automatic or Shared Key. 


Note: The authentication scheme is separate from the data encryption. You can select 
an automatic authentication scheme, which may not run authentication, but still 


leaves the data transmissions encrypted. If you require strong security, use both 
the Shared Key and WEP encryption settings. 


5. Select the Encryption Strength setting: 
e WEP 64-bit encryption. Enter 10 hexadecimal digits (any combination of 0—9, a-f, or 
A-F). 
* WEP 128-bit encryption. Enter 26 hexadecimal digits (any combination of 0-9, a-f, or 
A-F). 


6. Enter the encryption keys. You can manually or automatically program the four data 
encryption keys. These values must be identical on all computers and access points in your 
network: 


—  Passphrase. To use a passphrase to generate the keys, enter a passphrase, and click 
Generate. This automatically creates the keys. Wireless stations must use the passphrase 
or keys to access the wireless router. 


Note: Not all wireless adapters support passphrase key generation. 


— Key1-Key 4. These values are not case-sensitive. You can manually enter the four data 
encryption keys. These values must be identical on all computers and access points in your 
network. Enter 10 hexadecimal digits (any combination of 0-9, a-f, or A-F). 


7. Select which of the four keys will be the default. 


Data transmissions are always encrypted using the default key. The other keys can be used 
only to decrypt received data. The four entries are disabled if WPA-PSK or WPA 
authentication is selected. 


8. Specify the wireless setting for the 5 GHz wireless network the same as you did for the 2.4 
GHz wireless network. 


9. Click Apply to save your settings. 
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Configuring WPA, WPA2, or WPA/WPA2 Wireless Security 


To set up wireless security, you can either manually configure it in the Wireless Settings screen, or 
you can use Wi-Fi Protected Setup (WPS) to automatically set the SSID and implement WPA/ 
WPA2 security (see “Using Push 'N' Connect (WPS) to Configure Your Wireless Network" on 
page 2-11. 


Both WPA and WPA2 provide strong data security. WPA with TKIP is a software implementation 
that can be used on Windows systems with Service Pack 2 or later. NETGEAR recommends using 
WPA2 with AES, which provides the strongest security. WPA2 with AES is a hardware 
implementation; see your device documentation before implementing it. Consult the product 
documentation for your wireless adapter for instructions for configuring WPA settings. 


Note: If you use a wireless computer to configure wireless security settings, you will be 
disconnected when you click Apply. If this happens, reconfigure your wireless 


computer to match the new settings, or access the wireless router from a wired 
computer to make further changes. 


To configure WPA or WPA2 in the wireless router: 


1. Log in to the wireless router at its default LAN address of http://www.routerlogin.net with 
its default user name of admin and default password of password, or using whatever 
password and LAN address you have chosen for the wireless router. 


2. Select Wireless Settings from the main menu. 
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3. Onthe Wireless Setting screen, select the radio button for the WPA or WPA2 option of your 
choice. 


Wireless Network(2.4GHz b/g/n) 
Enable SSID Broadcast 
Name (SSID) NETGEAR 


Channel Auto xj 


Mode Up to 145 Mbps g| 


Security Options 

O None 

O WEP 

O WPA-PSK (TKIP) 

(9 WPA2-PSK (AES) 

O WPA-PSK (TKIP) + WPA2-PSK (AES) 


Security Options (WPA2-PSK) 


Passphrase (8-63 characters or 64 hex digits) 


Figure 2-4 


4. The settings displayed on the screen depend on which security option you select. 
5. For WPA-PSK or WPA2-PSK, enter the passphrase. 
6. To save your settings, click Apply. 


Using Push 'N' Connect (WPS) to Configure Your Wireless 
Network 


If your wireless clients support Wi-Fi Protected Setup (WPS), you can use this feature to configure 
the wireless router's SSID and security settings and, at the same time, connect the wireless client 
securely and easily to the wireless router. Look for the ©) symbol on your client device 
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(computers that will connect wirelessly to the wireless router are clients). WPS automatically 
configures the network name (SSID) and wireless security settings for the wireless router (if the 
wireless router is in its default state) and broadcasts these settings to the wireless client. 


Note: NETGEAR’s Push 'N' Connect feature is based on the Wi-Fi Protected Setup 
(WPS) standard (for more information, see http://www.wi-fi.org). All other Wi-Fi- 
certified and WPS-capable products should be compatible with NETGEAR 
products that implement Push 'N' Connect. 


Some considerations regarding WPS are: 


e WPS supports these types of wireless security: None, WPA-PSK, WPA2-PSK, and WEP (with 
the authentication type set to Automatic on the Wireless Settings screen). WEP security with 
shared key authentication is not supported by WPS. 


* If your wireless network will include a combination of WPS capable devices and non-WPS 
capable devices, NETGEAR suggests that you set up your wireless network and security 
settings manually first, and use WPS only for adding additional WPS capable devices. See 
“Adding Both WPS and Non-WPS Clients” on page 2-17. 


A WPS client can be added using the Push Button method or the PIN method. 


e Using the Push Button. This is the preferred method. See the following section, “Using a 
WPS Button to Add a WPS Client” on page 2-12. 


* Entering a PIN. For information about using the PIN method, see “Using PIN Entry to Add a 
WPS Client” on page 2-14. 


Using a WPS Button to Add a WPS Client 


Any wireless computer or wireless adapter that will connect to the wireless router wirelessly is a 
client. The client must support a WPS button, and must have a WPS configuration utility, such as 
the NETGEAR Smart Wizard or Atheros Jumpstart. 


To use the wireless router WPS button to add a WPS client: 


1. Log in to the wireless router at its default LAN address of http://www.routerlogin.net with 
its default user name of admin and default password of password, or using whatever LAN 
address and password you have set up. 
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2. Onthe wireless router main menu, select Add a WPS Client, and then click Next. The 
following screen displays: 


Add WPS Client 


Select a setup method: 
(9 Push Button (recommended) 
You can either press the Push Button physically on the router or press the Button below 


(soft Push Button) 
ua WPS button 


OPIN Number 


Figure 2-5 


By default, the Push Button (recommended) radio button is selected. 
3. Either press the WPS button on the side of the wireless router, or click the onscreen button. 
The wireless router tries to communicate with the client for 2 minutes. 


4. Go to the client wireless computer, and run a WPS configuration utility. Follow the utility's 
instructions to click a WPS button. 


5. Go back to the wireless router screen to check for a message. 


The wireless router WPS screen displays a message confirming that the client was added to the 
wireless network. The wireless router generates an SSID, and implements WPA/WPA2 
wireless security. The wireless router will keep these wireless settings unless you change 


them, or you clear the Keep Existing Wireless Settings check box in the WPS Settings 
screen. 


WPS Settings 


WPS Settings 
Router's PIN: 12345670 


iv | Keep Existing Wireless Settings 


Figure 2-6 


6. Note the new SSID and WPA/WPA2 password for the wireless network. You can view these 
settings in the Wireless Settings screen. See “Manually Configuring Your Wireless Settings" 
on page 2-4. 
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To access the Internet from any computer connected to your wireless router, launch a browser such 
as Microsoft Internet Explorer or Mozilla Firefox. You should see the wireless router's Internet 
LED blink, indicating communication to the ISP. 


Note: If no WPS-capable client devices are located during the 2-minute time frame, the 
SSID will not be changed, and no security will be implemented on the wireless 


router. 


Using PIN Entry to Add a WPS Client 


Any wireless computer or wireless adapter that will connect to the wireless router wirelessly is a 
client. The client must support a WPS PIN, and must have a WPS configuration utility, such as the 
NETGEAR Smart Wizard or Atheros Jumpstart. 


The first time you add a WPS client, make sure that the Keep Existing Wireless Settings check 
box on the WPS Settings screen is cleared. This is the default setting for the wireless router, and 
allows it to generate the SSID and WPA/WPA2 security settings when it implements WPS. After 
WPS is implemented, the wireless router automatically selects this check box so that your SSID 
and wireless security settings remain the same if other WPS-enabled devices are added later. 


To use a PIN to add a WPS client: 


1. Log in to the wireless router at its default LAN address of http://www.routerlogin.net with 
its default user name of admin and default password of password, or using whatever LAN 
address and password you have set up. 


2. On the wireless router main menu, select Add a WPS Client (computers that will connect 
wirelessly to the wireless router are clients), and then click Next. The Add WPS Client screen 
displays: 


Add WPS Client 


Select a setup method: 

© Push Button (recommended) 

© PIN Number 

If your Adapter supports WPS, please click on "Generate a client Security Pin to input on 
the AP/RouteriGateway" and put the generated client PIN number here. 


Enter Client's PIN: Next 


Figure 2-7 


3. Select the PIN Number radio button. 
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4. Goto the client wireless computer. Run a WPS configuration utility. Follow the utility's 
instructions to generate a PIN. Take note of the client PIN. 


5. From the wireless router Add WPS Client screen, enter the client PIN number, and then click 
Next. 


— The wireless router tries to communicate with the client for 4 minutes. 


— The wireless router WPS screen displays a message confirming that the client was added 
to the wireless network. The wireless router generates an SSID, and implements WPA/ 
WPA2 wireless security. 


6. Note the new SSID and WPA/WPA2 password for the wireless network. You can view these 
settings in the Wireless Settings screen. See “Manually Configuring Your Wireless Settings" 
on page 2-4 


To access the Internet from any computer connected to your wireless router, launch a browser such 
as Microsoft Internet Explorer or Mozilla Firefox. You should see the wireless router's Internet 
LED blink, indicating communication to the ISP. 


Note: If no WPS-capable client devices are located during the 4-minute time frame, the 


SSID will not be changed and no security will be implemented on the wireless 
router. 
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Configuring Advanced WPS Settings 


From the Advanced menu, select Wireless Settings to display the following screen: 
Wireless Settings 


Advanced Wireless Settings (2.4GHz bigin} 
[v] Enable Wireless Router Radio 


Fragmentation Length (256 
-2346) 


CTSIRTS Threshold (1-2347) [2347 


2346 


Preamble Mode [Long Preamble ¥ 


Advanced Wireless Settings (5GHz ain) 
Enable Wireless Router Radio 


Fragmentation Length (256 
-2346) 


CTS/RTS Threshold (1-2347) Bayz 


(2346 


Preamble Mode |Long Preamble v 


WPS Settings 

Router's PIN 10000151 
[ ]Disable Router's PIN 

C] Keep Existing Wireless Settings (2.4G -z bigin) 

C] Keep Existing Wireless Settings (5GHz ain) 


Wireless Card Access List | Set Up Access List ] 


Figure 2-8 


The WPS Settings area displays the wireless router PIN, and allows you to Disable Router’s PIN 
and the Keep Existing Wireless Settings for either wireless network (2.4GHz or 5GHz). 


By default, both Keep Existing Wireless Settings check boxes are unchecked. This allows the 
wireless router to automatically generate the SSID and WPA/WPA2 security settings when it 
implements WPS. After WPS is implemented or changes in wireless settings are applied, the 
wireless router automatically selects this check box so that your SSID and wireless security 
settings remain the same if you add WPS-enabled devices or if you manually add non WPS- 
capable devices later. 


Note: If you clear either Keep Existing Wireless Settings check box, all wireless 
settings and connections will be lost for that wireless network. 
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Connecting Additional Wireless Client Devices After WPS 
Setup 


You can add more WPS clients to your wireless network, or you can add a combination of WPS- 
enabled clients and clients without WPS. 


Adding More WPS Clients 


Note: Your wireless settings remain the same when you add another WPS-enabled client, 
as long as the Keep Existing Wireless Settings check box is selected in the 
Advanced Wireless screen (listed under the Advanced heading in the wireless 
router main menu). If you clear this check box, when you add the client, a new 
SSID and passphrase will be generated, and all existing connected wireless clients 
will be disassociated and disconnected from the wireless router. 


To add a wireless client device that is WPS-enabled: 


1. Follow the procedures in “Using a WPS Button to Add a WPS Client" on page 2-12 or “Using 
PIN Entry to Add a WPS Client” on page 2-14. 


2. To view a list of all devices connected to your wireless router (including wireless and 
Ethernet-connected), see “Viewing a List of Attached Devices” on page 4-10. 


Adding Both WPS and Non-WPS Clients 


For non-WPS clients, you cannot use the WPS setup procedures to add them to the wireless 
network. You must record, and then manually enter your security settings (see “Manually 
Configuring Your Wireless Settings” on page 2-4). 


To connect a combination of non-WPS enabled and WPS-Enabled clients to the wireless router: 


1. Restore the wireless router to its factory default settings (press both the Wireless and WPS 
buttons on the side of the wireless router for 5 seconds). 


When the factory settings are restored, all existing wireless clients are disassociated and 
disconnected from the wireless router. 


2. Configure the network names (SSIDs), select the WPA/PSK + WPA2/PSK radio button on the 
Wireless Settings screen (see “Manually Configuring Your Wireless Settings” on page 2-4). 
and click Apply. On the WPA/PSK + WPA2/PSK screen, select a passphrase and click Apply. 
Record this information to add additional clients. 
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3. Forthe non-WPS devices that you want to connect, open the networking utility and follow the 
utility's instructions to enter the security settings that you selected in Step 2 (the SSID, WPA/ 
PSK + WPA2/PSK security method, and passphrase). 


4. For the WPS devices that you want to connect, follow the procedure “Using a WPS Button to 
Add a WPS Client” on page 2-12 or “Using PIN Entry to Add a WPS Client” on page 2-14. 


The settings that you configured in Step 2 are broadcast to the WPS devices so that they can 
connect to the wireless router. 


Note: To make sure that your new wireless settings remain in effect, verify that the 
Keep Existing Wireless Settings checkbox is selected in the WPS Settings 
screen. 


5. To view a list of all devices connected to your wireless router (including wireless and 
Ethernet-connected), see “Viewing a List of Attached Devices” on page 4-10. 
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Restricting Access to Your Router 


You can use the advanced Wireless Settings screen to enable or disable the wireless router. From 
the Advanced menu, select Wireless Settings to display the following screen: 


Wireless Settings 


Advanced Wireless Settings (2.4GHz bigin) 
Enable Wireless Router Radio 


Fragmentation Length (256 
-2348) 


CTSIRTS Threshold (1-2347) pae | 


|2346 


Preamble Mode {Long Preamble v 


Advanced Wireless Settings (5GHz ain) 
[V] Enable Wireless Router Radio 


Fragmentation Length (256 
-2346) 


(2346 


CTS/RTS Threshold (1-2347) [2347 

Preamble Mode |Long Preamble v 
WPS Settings 
Router's PIN 10000151 


[ ]Disable Router's PIN 
Cl Keep Existing Wireless Settings (2.4Gz b/g/n) 
Keep Existing Wireless Settings (5GHz aln) 


Wireless Card Access List | Set Up Access List 


Figure 2-9 


* Enable Wireless Router Radio. 
You can completely turn off the wireless portion of the wireless router. For example, if you 
use your notebook computer to wirelessly connect to your wireless router, and you take a 
business trip, you can turn off the wireless portion of the wireless router while you are 
traveling. Other members of your household who use computers connected to the wireless 
router via Ethernet cables can still use the wireless router. To do this, clear the Enable 
Wireless Router Radio check box on the Advanced Wireless Settings screen, and then click 


Apply. 


The Fragmentation Threshold, CTS/RTS Threshold, and Preamble Mode options are reserved 
for wireless testing and advanced configuration only. Do not change these settings. 
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* WPS Settings. For information about WPS settings, see “Using Push 'N' Connect (WPS) to 
Configure Your Wireless Network" on page 2-11. 


* Restricting access by MAC address. You can use a Wireless Card Access List to restrict 
access. See "Restricting Access by MAC Address" on page 3-2. 


Adding Guest Networks 


Adding a guest network allows visitors at your home to use the Internet without having to know 
your wireless security key. 


You can add a guest network to each wireless network, 2.4 GHz b/g/n or 5 GHz a/n. 


To add a guest network, do the following: 


Safeguarding Your Network 2-20 
v1.0, June 2010 


N600 Wireless Dual Band Router WNDR3400 User Manual 


1. Select Guest Network from the Setup menu. The Guest Network Settings screen appears 


Guest Network Settings 


Wireless Network (2.4GHz b/gin) - Profile 
Enable Guest Network 
Y| Enable SSID Broadcast 


Allow Guestto access My 

Local Network 

Guest Wireless Network Name 

(SSID): NETGEAR Guest1 


Security Options - Profile 
© None 
O WEP 
O WPA-PSK [TKIP] 
O WPA2-PSK [AES] 
O WPA-PSK [TKIP] + WPA2-PSK [AES] 


Wireless Network (5GHz ain) - Profile 


Enable Guest Network 
Enable SSID Broadcast 


«] 


Allow Guestto access My 

Local Network 

Guest Wireless Network Name NETGEAR-5G Guest! 
(SSID): = 


Security Options - Profile 

© None 

O WEP 

O WPA-PSK [TKIP] 

O WPA2-PSK [AES] 

(OO WPA-PSK [TKIP] + WPA2-PSK [AES] 


Figure 2-10 


2. Define a guest network on either or both of your wireless networks from this same screen. 
Select any of the following Wireless settings: 


— Enable Guest Network — When this check box is selected, the guest network is enabled, 
and guests can connect to your network using the SSID of this profile. 


— Enable SSID Broadcast — If selected, the Wireless Access Point broadcasts its name 
(SSID) to all Wireless Stations. Stations with no SSID can adopt the correct SSID for 
connections to this Access Point. 


— Allow Guest to access My Local Network — If selected any user who connects to this 
SSID can access local networks associated with the router like users in the primary SSID. 
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3. Give the wireless network a name. 


The name is case-sensitive and can be up to 32 characters. The same name must be assigned to 
all wireless devices in your network. NETGEAR recommends that you change the name to a 
different value. 


4. Select a Security option from the list. For a description of each Security option, see Security 
Options in the table “Wireless Settings" on page 2-6. 


5. Inthe same way that you defined a guest network for your 2.5MHz b/g/n wireless network, 
you can also define a guest network for your 5GHz a/n wireless network. 


6. Click Apply to save your selections. 
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Chapter 3 
Protecting Your Network 


This chapter describes how to use the content filtering and reporting features of the N600 Wireless 
Dual Band Router WNDR3400 to protect your network. You can find these features by selecting 
the items under Content Filtering in the wireless router main menu. 

This chapter includes the following sections: 

e “Protecting Access to Your Wireless Router” 

* “Restricting Access by MAC Address" on page 3-2 

e “Blocking Access to Internet Sites" on page 3-4 

* “Blocking Access to Internet Services" on page 3-5 

e “Scheduling Blocking" on page 3-8 

* “Viewing Logs of Web Access or Attempted Web Access" on page 3-8 

e “Configuring E-mail Alert and Web Access Log Notifications" on page 3-9 

* “Setting the Time" on page 3-11 


Protecting Access to Your Wireless Router 


For security reasons, the wireless router has its own user name and password. Also, after a period 
of inactivity for a set length of time, the administrator login automatically disconnects. When 
prompted, enter admin for the wireless router user name and password for the wireless router 
password. You can use procedures in the following sections to change the wireless router 
password and the amount of time for the administrator's login time-out. 


E Note: The user name and password are not the same as a user name or password you 


might use to log in to your Internet connection. 


NETGEAR recommends that you change this password to a more secure password. The ideal 
password should contain no dictionary words from any language, and should be a mixture of both 
upper and lower case letters, numbers, and symbols. Your password can be up to 30 characters. 
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Changing the Built-In Password 


1. Log in to the wireless router at its default LAN address of http://www.routerlogin.net with 
its default user name of admin, default password of password, or using whatever password 
and LAN address you have chosen for the wireless router. 


2. From the main menu, under the Maintenance heading, select Set Password to display the Set 
Password screen: 


3. To change the password, first enter the old password, and then enter the new password twice. 


4. Click Apply to save your changes. 


Note: After changing the password, you must log in again to continue the 
configuration. If you have backed up the wireless router settings previously, 
you should do a new backup so that the saved settings file includes the new 
password. 


Restricting Access by MAC Address 


For increased security, you can restrict access to the wireless network to allow only specific PCs 
based on their MAC addresses. You can restrict access to only trusted PCs so that unknown PCs 
cannot wirelessly connect to the WNDR3400 router. MAC address filtering adds an obstacle 
against unwanted access to your network, but the data broadcast over the wireless link is fully 
exposed. 


To restrict access based on MAC addresses: 


1. Log in to the wireless router at its default LAN address of http://www.routerlogin.net with 
its default user name of admin, and default password of password, or using whatever 
password and LAN address you have chosen for the wireless router. 


Note: If you configure the router from a wireless computer, add your computer's 

— MAC address to the access list. Otherwise you will lose your wireless 
connection when you click Apply. You must then access the wireless router 
from a wired computer, or from a wireless computer that is on the access 
control list, to make any further changes. 
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From the main menu, select Wireless Settings, and then click Setup Access List to display the 
Wireless Card Access List screen. 


Wireless Card Access List Setup Access List 


Wireless Card Access List 


C Turn Access Control On 


Device Name Mac Address 


Figure 3-1 


Click Add to add a wireless device to the wireless access control list. The Wireless Card 
Access Setup screen opens and displays a list of currently active wireless cards and their 
Ethernet MAC addresses. 


Wireless Card Access Setup 


Available Wireless Cards 
Device Name MAC Address 
(O) 9300UNIT2 00:0f.b5:0d:ab:19 


Wireless Card Entry 
Device Name: [3300UNIT2 ] 


MAC Address: 00:0f:b5:0d:ab:19 


Figure 3-2 


Adjust the list as needed for your network. You can add devices using either of the following 
methods: 


e Ifthe computer is in the Available Wireless Cards table, select the radio button of that 
computer to capture its MAC address. 
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e Use the Add button to enter the MAC address of the device to be added. The MAC 
address can usually be found on the bottom of the wireless device. 


—> Note: If no device name appears when you enter the MAC address, you can type a 
descriptive name for the computer that you are adding. 


5. Click Add, and then click Apply to save these settings. Now, only devices on this list will be 
allowed to wirelessly connect to the router. 


Blocking Access to Internet Sites 


The WNDR3400 router allows you to restrict access based on Web addresses and Web address 
keywords. Up to 255 entries are supported in the Keyword list. 


Keyword application examples: 
e Ifthe keyword XXX is specified, the URL www.zzzyyqq.com/xxx.html is blocked. 


* Ifthe keyword .com is specified, only websites with other domain suffixes (such as .edu, .org, 
or .gov) can be viewed. 


To block access to Internet sites: 


1. Select Block Sites under Content Filtering in the main menu. The Block Sites screen displays. 


Block Sites - 


Keyword Blocking 
© Never 

O Per Schedule 
O Always 


Type keyword or domain name here. 


Add Keyword 


Block sites containing these keywords or domain names: 


discodanny 


Delete Keyword ji Clear List 


Allow Trusted IP Address To Visit Blocked Sites 


Trusted IP Address 0 0 0 0 


Figure 3-3 
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2. Enable keyword blocking by selecting either Per Schedule or Always. 


To block by schedule, be sure to specify a time period in the Schedule screen. For information 
about scheduling, see “Scheduling Blocking" on page 3-8. 


Block all access to Internet browsing during a scheduled period by entering a dot (.) as the 
keyword, and then set a schedule in the Schedule screen. 


3. Adda keyword or domain by entering it in the keyword field and clicking Add Keyword. The 
keyword or domain name then appears the Block sites containing these keywords or domain 
names list. 


Delete a keyword or domain name by selecting it from the list and clicking Delete Keyword. 


4. You can specify one trusted user, which is a computer that is exempt from blocking and 
logging. Specify a trusted user by entering that computer's IP address in the Trusted IP 
Address fields. 


Since the trusted user is identified by IP address, you should configure that computer with a 
fixed IP address. 


5. Click Apply to save all your settings in the Block Sites screen. 


Blocking Access to Internet Services 


The wireless router allows you to block the use of certain Internet services by computers on your 
network. This is called service blocking or port filtering. Services are functions performed by 
server computers at the request of client computers. For example, Web servers serve Web pages, 
time servers serve time and date information, and game hosts serve data about other players? 
moves. When a computer on your network sends a request for service to a server computer on the 
Internet, the requested service is identified by a service or port number. This number appears as the 
destination port number in the transmitted IP packets. For example, a packet that is sent with 
destination port number 80 is an HTTP (Web server) request. 
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To block access to Internet services: 


1. Select Block Services under Content Filtering in the main menu. The Block Services screen 
displays. 


Block Services 


Services Blocking 
(9 Never 

O Per Schedule 
O Always 


Service Table 
= Service Type Port IP 


Figure 3-4 


2. Enable service blocking by selecting either Per Schedule or Always, and then click Apply. 


To block by schedule, be sure to specify a time period in the Schedule screen. For information 
about scheduling, see Scheduling Blocking" on page 3-8. 


3. Specify a service for blocking by clicking Add. The Block Services Setup screen displays. 


Block Services Setup 


Service Type 
Protocol 


Starting Port (1465534) 


Ending Port (1-465534) 


Service Type/User Defined , 


Filter Services For : 
O Only This IP Address:;192 |168 | 


OIP Address Range: |192 ||168 || 


toj192 ||168 || 
© AIL IP Addresses 


Figure 3-5 
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4. From the Service Type list, select the application or service to be allowed or blocked. The list 
already displays several common services, but you are not limited to these choices. To add any 
additional services or applications that do not already appear, select User Defined. 


5. Select the radio button for the IP address configuration you want to block, and then enter the 
IP addresses in the appropriate fields. 


You can block the specified service for a single computer, a range of computers (having 
consecutive IP addresses), or all computers on your network. 


6. Click Add to enable your Block Services Setup selections. 


Configuring a User-Defined Service 


To define a service, first you must determine which port number or range of numbers is used by 
the application. The service port numbers for many common protocols are defined by the Internet 
Engineering Task Force (IETF) and published in RFC1700, *Assigned Numbers." Service 
numbers for other applications are typically chosen from the range 1024 to 65535 by the authors of 
the application. You can often determine port number information by contacting the publisher of 
the application, by asking user groups or newsgroups, or by searching. 


* Enter the starting port and ending port numbers. If the application uses a single port number, 
enter that number in both fields. 


* Ifyou know that the application uses either TCP or UDP, select the appropriate protocol. If 
you are not sure, select Both. 
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Scheduling Blocking 


To schedule blocking: 


1. 
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Select Schedule under Content Filtering in the main menu. The Schedule screen displays. 


Schedule 


Days To Block: 
W Every day 
I Sunday 

IV Monday 

I Tuesday 
T Wednesday 
T Thursday 
F Friday 

TV Saturday 


Time Of Day To Block: (use 24-hour clock) 
Iv All Day 


Start Blocking: í Hour |! Min 
End Blocking: ( Hour Min 
Cancel 


Figure 3-6 


Configure the schedule for blocking keywords and services. 


a. Days to Block. Select days on which you want to apply blocking by selecting the 
appropriate check boxes. Select Every Day to select the check boxes for all days. Click 


Apply. 


b. Time of Day to Block. Select a start and end time in 24-hour format. Select All Day for 
24-hour blocking. Click Apply. 


Be sure to select your time zone in the E-mail screen as described in “Setting the Time" on 


page 3-11. 


Click Apply to save your settings. 


Viewing Logs of Web Access or Attempted Web Access 


The log is a detailed record of the websites you have accessed or attempted to access. Up to 
256 entries are stored in the log. Log entries appear only when keyword blocking is enabled and no 
log entries are made for the trusted user. 
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Select Logs under Content Filtering in the main menu. The Logs screen displays. 
Logs 


Current Time Friday, Jun 26, 2009 14:06:45 


|[admin login] from source 192.168.1.2, Friday, June 
[26,2009 13:29:13 

[UPnP set event: add nat rule] from source 192.168.1.4 
|Friday, June 26,2009 13:05:04 

[DHCP IP: 192.168.1.4] to MAC address 00:16:6f:b8:a2:e5, 
|Friday, June 26,2009 13:04:47 

[admin login] from source 192.168.1.2, Friday, June 
[26,2009 09:59:42 

[UPnP set event: add nat rule] from source 10.20.1.228 
|Friday, June 26,2009 09:39:11 

[DHCP IP: 192.168.1.3] to MAC address 00:18:f3:54:0e:33, 
|Friday, June 26,2009 09:37:15 

[admin login] from source 192.168.1.2, Friday, June 
[26,2009 09:28:31 

[Time synchronized vith NTP server] Friday, June 26,2009 
[09:25:32 

[Initialized, firmware version: V1.0.4.26] Friday, June 
[26,2009 09:25:32 


l Refresh | | Clear Log J [ Send Log 


Figure 3-7 


Table 3-1. Log Entry Descriptions 


Field Description 

Date and time The date and time the log entry was recorded. 

Source IP The IP address of the initiating device for this log entry. 

Target address The name or IP address of the website or newsgroup 
visited or to which access was attempted. 

Action Whether the access was blocked or allowed. 


To refresh the log screen, click the Refresh button. 
To clear the log entries, click the Clear Log button. 
To e-mail the log immediately, click the Send Log button. 


Configuring E-mail Alert and Web Access Log Notifications 


To receive logs and alerts by e-mail, you must provide your e-mail account information. 


To configure e-mail alert and web access log notifications: 
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1. Select E-mail under Content Filtering in the main menu. The E-mail screen displays. 


E-mail 


[C Turn E-mail Notification On 
Send Alerts and Logs Via E-mail 
Your Outgoing Mail Server 
Send To Thes E-mail Address 
My Mail Server requires authentication 
User Name 
Password 


Send Alert Immediately 
When Someone Attempts To Visit A Blocked Site 


Send Logs According to this Schedule 


Time am. pm 


Time Zone 
(GMT-08:00) Pacific Time (US Canada) Md 


ty Adjust for Daylight Savings Time 


Current Time: Monday. 24 Dec 2007 15:17:07 


[Apply ] [ Cancel 


Figure 3-8 


2. Toreceive e-mail logs and alerts from the router, select the Turn E-mail Notification On 
check box. 


a. Enterthe name of your ISP's outgoing (SMTP) mail server (such as mail.myISP.com) in 
the Your Outgoing Mail Server field. You might be able to find this information in the 
configuration screen of your e-mail program. If you leave this field blank, log and alert 
messages will not be sent by e-mail. 


b. Enter the e-mail address to which logs and alerts are sent in the Send To This E-mail 
Address field. This e-mail address will also be used as the From address. If you leave this 
field blank, log and alert messages will not be sent by e-mail. 


3. If your outgoing e-mail server requires authentication, select the My Mail Server requires 
authentication check box. 


a. Enter your user name for the outgoing e-mail server in the User Name field. 
b. Enter your password for the outgoing e-mail server in the Password field. 
4. You can specify that logs are automatically sent by e-mail with these options: 


* Sendalert immediately. Select this check box for immediate notification of attempted 
access to a blocked site or service. 


Protecting Your Network 3-10 
v1.0, June 2010 


N600 Wireless Dual Band Router WNDR3400 User Manual 


e Send Logs According to this Schedule. Specifies how often to send the logs: Hourly, 
Daily, Weekly, or When Full. 


— Day. Specifies which day of the week to send the log. Relevant when the log is sent 
weekly or daily. 


— Time. Specifies the time of day to send the log. Relevant when the log is sent daily or 
weekly. 


If you select the Weekly, Daily, or Hourly option and the log fills up before the specified 
period, the log is automatically e-mailed to the specified e-mail address. After the log is sent, 
the log 1s cleared from the router's memory. If the router cannot e-mail the log file, the log 
buffer might fill up. In this case, the router overwrites the log and discards its contents. 


5. Click Apply to save your settings. 


So that the log entries are correctly time-stamped and sent at the correct time, be sure to set the 
time as described in the next section. 


Setting the Time 


The WNDR3400 router uses the Network Time Protocol (NTP) to obtain the current time and date 
from one of several network time servers on the Internet. To localize the time for your log entries, 
you must specify your time zone: 


* Time Zone. Select your local time zone. This setting is used for the blocking schedule and for 
time-stamping log entries. 


* Automatically Adjust for Daylight Savings Time. Select this check box if your region 
supports daylight savings time. When this check box is set, the router will adjust the time by 
adding one hour during the daylight savings time period. When daylight savings time ends, be 
sure to un-check this check box. 
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Chapter 4 
Using Network Monitoring Tools 


This chapter describes features to help you manage your N600 Wireless Dual Band Router 
WNDR3400. 

This chapter includes the following sections: 

* “Upgrading the Router Firmware” 

e “Viewing Wireless Router Status Information" on page 4-5 

e “Viewing a List of Attached Devices" on page 4-10 

* "Managing the Configuration File" on page 4-11 

* "Enabling Remote Management Access" on page 4-13 

* “Traffic Meter" on page 4-15 


Upgrading the Router Firmware 


The routing software (also called firmware) of the WNDR3400 router is stored in flash memory, 
and can be upgraded as NETGEAR releases new software. Your router can download and install 
the new software, or you can download upgrade files from the NETGEAR website and manually 
send the upgrade file to the router using your browser. 


Upgrade Assistant feature so that the router will automatically detect a new version 


: GO Tip: To ensure that you are always using the latest router firmware, enable the Firmware 
of the firmware on the Internet and alert you to its availability. 
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The Checking for Firmware Updates screen appears at login unless you clear the Check for 
Updated Firmware Upon Log-in check box. 


Checking for Firmware Updates 


The router is checking the NETGEAR server to see if upda 
available for your router. 


This could take up to 90 seconds, please wait 
ll 


Check for Updated Firmware Upon Log-in 


Cancel 


Figure 4-1 


A screen is also provided for upgrading the router. From the main menu, under Maintenance, 
select Router Upgrade to display the Router Upgrade screen. 


Router Upgrade 


Check for New Version from the Internet 


“| Check for New Version Upon Log-in 


Locate and Select the Upgrade File from your Hard Disk: 


Browse. 


Figure 4-2 


From this screen, you can check for new software versions by clicking the Check button. If a new 
version is found, you can download and install it in one step. To enable the Smart Wizard to 
automatically check for a new software version upon login, select the Check for New Version 
Upon Log-in check box. 


Alternatively, you can manually install an upgrade file stored on your computer. 


>x- | Tip: Before upgrading the router software, use the router Settings Backup screen to save 
e your configuration settings. À router upgrade might cause the router settings to 

revert to the factory defaults. If this happens, after completing the upgrade, you can 
restore your settings from the backup. 
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Upgrading Automatically to New Router Software 


If you have selected Check for New Version Upon Log-in, your router alerts you to the new 
software when you log in. Otherwise, you can click the Check button in the Router Upgrade 
screen to search for new software. 


If the router discovers a newer version of software, the message on the left displays when you log 
in. If no new firmware is available, the message on the right displays. 


| Firmware Version Check 


Firmware Version Check 


A New Firmware Version is Found. . = B 
No New Firmware Version Available. 


Do You Want to Upgrade to the New Version Now? 
Current Version V1.0.3.5 


New Version /1.0.3.8 


Figure 4-3 


To automatically upgrade to the new software, click Yes to allow the router to download and 
install the new software file from NETGEAR. 


Warning: When uploading software to the WNDR3400 router, do not interrupt the Web 
A browser by closing the window, clicking a link, or loading a new page. If the 
browser is interrupted, it could corrupt the software. 


When the upload is complete, your router automatically restarts. The upgrade process typically 
takes about three minutes. Read the new software release notes to determine whether you must 
reconfigure the router after upgrading. 


Upgrading Manually to New Router Software 


To manually select, download, and install new software to your router: 


1. Under Maintenance on the main menu, select Router Status. Note the version number of your 
router firmware. 


2. Goto the WNDR3400 support page on the NETGEAR website at 
http://www.netgear.com/support. 


3. Check the most recent firmware version offered against the firmware version shown in the 
Router Status screen. 
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4. Ifthe version on the NETGEAR website is more recent, download the file to your computer. 
5. Under Maintenance on the main menu, select Router Upgrade. 


6. Click Browse, and locate the firmware image that you downloaded to your PC (the file ends in 
img or .chk). 


7. Click Upload to send the firmware to the router. 


Warning: When uploading software to the WNDR3400 router, do not interrupt the 
A Web browser by closing the window, clicking a link, or loading a new 
page. If the browser is interrupted, it could corrupt the software. 


When the upload is complete, your router automatically restarts. The upgrade process 
typically takes about three minutes. Read the new software release notes to determine whether 
you must reconfigure the router after upgrading. 
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To view router status and usage information, from the main menu, under the Maintenance heading, 
select Router Status. The Router Status screen displays. 


Router Status 


Hardware Version 
Firmware Version 
GUI Language Version 


Internet Port 
MAC Address 
IP Address 
DHCP 

IP Subnet Mask 


Domain Name Server 


LAN Port 

MAC Address 
IP Address 
DHCP 

IP Subnet Mask 


Wireless Port 
Wireless Settings an 
Name (SSID) 
Region 
Channel 
Mode 
Wireless AP 
Broadcast Name 
Wireless Settings b/gin 
Name (SSID) 
Region 
Channel 
Mode 
Wireless AP 
Broadcast Name 
Wi-Fi Protected Setup bigin 
Wi-Fi Protected Setup ain 


WNDR3700 
V1.0.4.26NA 
V1.0.0.1 


00:22:3F:8C:FB:C1 
10.1.10.150 
DHCPClient 
255.255.255.0 
10.1.1.6 

10.1.17 


00:22:3F:8C;F8:CO 
192.168.1.1 

On 

255.255.255.0 


NETGEAR-5G 
United States 
36(P)+40(8) 
Up to 300 Mbps 
on 

On 


NETGEAR 
United States 
Auto (9) 

Up to 130 Mbps 
On 

On 

Not Configured 
Not Configured 


[ Show Statistics Jl 


Connection Status 


Figure 4-4 
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You can use the Show Statistics and Connection Status buttons to view additional status 
information, as described in Connection Status" on page 4-8 and "Statistics" on page 4-9. The 
following table explains Router Status screen fields. 


Table 4-1. Wireless Router Status Fields 


Field 


Hardware Version 


Description 


The router model. 


Firmware Version 


GUI Language Version 


The version of the router firmware. It changes if you upgrade the router. 


The localized language of the GUI. 


Internet MAC Address The Media Access Control address. This is the unique physical address 
Port being used by the Internet (WAN) port of the router. 
IP Address The IP address being used by the Internet (WAN) port of the router. If no 
address is shown, or is 0.0.0.0, the router cannot connect to the Internet. 
DHCP * None. The router uses a fixed IP address on the WAN. 


* DHCP Client. The router obtains an IP address dynamically from the ISP. 


IP Subnet Mask 


Domain Name 


The IP subnet mask being used by the Internet (WAN) port of the router. For 
an explanation of subnet masks and subnet addressing, click the link to the 
online document “TCP/IP Networking Basics" in Appendix B. 


The Domain Name Server addresses being used by the router. A Domain 


Server Name Server translates human-language URLs such as www.netgear.com 
into IP addresses. 
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Wireless Router Status Fields (continued) 


MAC Address 


Description 


The Media Access Control address. This is the unique physical address 
being used by the Ethernet (LAN) port of the router. 


IP Address 


DHCP 


The IP address being used by the Ethernet (LAN) port of the router. The 
default is 192.168.1.1. 


Identifies whether the router's built-in DHCP server is active for the LAN- 
attached devices. 


IP Subnet Mask 


Wireless 
Settings 
5GHz a/n 


The IP subnet mask being used by the Ethernet (LAN) port of the router. 
The default is 255.255.255.0. 


Name (SSID): The 11N wireless network name (SSID) being used by the 
wireless port of the router. The default is NETGEAR-5G. 


Region: The geographic region where the router is being used. It might be 


illegal to use the wireless features of the router in some parts of the world. 


Channel: Identifies the operating channel of the wireless port being used. 
The default channel is 36. If there is an Auto option in the channel list and 
you select it, the router will find the best operating channel available. If you 
notice interference from nearby devices, you can select a different channel. 


Mode: Indicates the wireless communication mode: 
* Up to 54Mbps 

* Up to 145Mbps 

* Up to 300Mbps (default) 


Wireless AP: Indicates whether the radio feature of the router is enabled. If 
this feature is not enabled, the Wireless light on the front panel is off. 


Broadcast Name: Indicates whether the router is broadcasting its SSID. 
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Table 4-1. Wireless Router Status Fields (continued) 


Field 


Wireless 
Settings 
2.4 GHz b/g/n 


Description 


Name (SSID): The 11N wireless network name (SSID) being used by the 
wireless port of the router. The default is NETGEAR. 


Wireless AP: Indicates whether the radio feature of the router is enabled. If 


Region: The geographic region where the router is being used. It might be 
illegal to use the wireless features of the router in some parts of the world. 


Channel: Identifies the operating channel of the wireless port being used. 
The default channel is Auto. When Auto is selected, the router will find the 
best operating channel available. If you notice interference from nearby 
devices, you can select a different channel. Channels 1, 6, and 11 will not 
interfere with each other. 


Mode: Indicates the wireless communication mode: 
* Up to 54Mbps 

* Up to 145Mbps (default) 

* Up to 300Mbps 


this feature is not enabled, the Wireless light on the front panel is off. 


Broadcast Name: Indicates whether the router is broadcasting its SSID. 


Wi-Fi Protected Setup 


Connection Status 


Indicates whether Wi-Fi Protected Setup is configured for the wireless 
network. 


To view the connection status, on the Router Status screen, click Connection Status. 


onnection Status 


192.168.100.100 


IP Address 


Subnet Mask 255.255.255.0 


Default Gateway 192.168.100.1 
DHCP Server 192.168.100.1 
DNS Server 192.168.100.1 
Lease Obtained 1 days,0 hrs,0 minutes 


Lease Expires 0 days,23 hrs,4 minutes 


Release Renew 
Close Window 


Figure 4-5 
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The following table describes the connection status settings. 


Table 4-2. Connection Status Settings 


Item 


Description 


IP Address 


The IP address that is assigned to the router. 


Subnet Mask 


Default Gateway 


The subnet mask that is assigned to the router. 


The IP address for the default gateway that the router communicates with. 


DHCP Server 


DNS Server 


The IP address for the Dynamic Host Configuration Protocol server that provides 
the TCP/IP configuration for all the computers that are connected to the router. 


The IP address of the Domain Name Service server that provides translation of 
network names to IP addresses. 


Lease Expires 


Lease Obtained 


The date and time that the lease was obtained. 


The date and time that the lease will expire. 


* Click the Release button to release the connection status items (that is, all items return to 0). 


* Click the Renew button to renew to the connection status items (that is, all items are 
refreshed). 


e Click the Close Window button to close the Connection Status screen. 


Statistics 


To view statistics, on the Router Status screen, click Show Statistics. 


System Up Time 
Port 
WAN 
LAN 1 
LAN2 
LAN 3 
LAN 4 
WLAN begin 
WLAN an 


01:34:19 

Status TxPkts RxPkts Collisions Tx Bis Rx Bis Up Time 
100MiFull 1155 21262 17 828 01:34:11 
100M/F ull 01:34:10 
Link down 


Link down 


Link down 
130M 01:34:18 
300M 01:34:18 


Poll Interval : | Set Interval 


Figure 4-6 


Using Network Monitoring Tools 


v1.0, June 2010 


N600 Wireless Dual Band Router WNDR3400 User Manual 


The following table describes the router statistics. 


Table 4-3. Router Statistics 


Item Description 


System Up Time The time elapsed since the router was last restarted. 


Port The statistics for the WAN (Internet) and LAN (Ethernet) ports. For each port, the 
screen displays: 
Status The link status of the port. 
TxPkts The number of packets transmitted on this port since reset or manual clear. 


RxPkts The number of packets received on this port since reset or manual clear. 


Collisions The number of collisions on this port since reset or manual clear. 


Tx B/s The current transmission (outbound) bandwidth used on the WAN and LAN ports. 
The current reception (inbound) bandwidth used on the WAN and LAN ports. 


The time elapsed since this port acquired the link. 


Poll Interval The intervals at which the statistics are updated in this screen. 


e To change the polling frequency, enter a time in seconds in the Poll Interval field, and click 


Set Interval. 


* To stop the polling entirely, click Stop. 


Viewing a List of Attached Devices 


The Attached Devices table lists all IP devices that the router has discovered on the local network. 


From the main menu, under Maintenance, select Attached Devices to view the table. 


Attached Devices 


Wired Devices 
= IP Address Device Name MAC Address 
1 192.168.1.2 DVOISIN 00:16:41:15:6F:B1 


Wireless Devices (Wireless intruders also show up here) 
z IP Address Device Name MAC Address 
1 182.168.1.3 BLACKBERRY-42F0 00:23:7A:0C:E8:90 


Figure 4-7 
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For each device, the table shows the IP address, NetBIOS host name or device name (if available), 
and the Ethernet MAC address. To force the router to look for attached devices, click Refresh. 


-> Note: If the router is rebooted, the table data is lost until the router rediscovers the 
pups devices. 


Managing the Configuration File 


The configuration settings of the WNDR3400 router are stored within the router in a configuration 
file. You can back up (save) this file to your computer, restore it, or reset it to the factory default 
settings. From the main menu, under Maintenance, select Backup Settings. 


Backup Settings 


Save a Copy of Current Settings 
Restore Saved Settings from a File 
Browse. 


Revert to Factory Default Settings 


Figure 4-8 


The following sections describe the available options. 


Backing Up and Restoring the Configuration 


The Restore and Backup options in the Backup Settings screen let you save and retrieve a file 
containing your router's configuration settings. 
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To save your settings, click Back Up. Your browser extracts the configuration file from the router 
and prompts you for a location on your computer to store the file. You can give the file a 
meaningful name at this time, such as comcast.cfg. 


default, password. Then change it again after you have saved the configuration file. 
If you forget the password, you will need to reset the configuration to factory 
defaults. 


Q Tip: Before saving your configuration file, change the administrator password to the 


To restore your settings from a saved configuration file, enter the full path to the file on your 
computer, or click Browse to browse to the file. When you have located it, click Restore to send 
the file to the router. The router then reboots automatically. 


A Warning: Do not interrupt the reboot process. 


Erasing the Configuration 


Under some circumstances (for example, if you move the router to a different network or if you 
have forgotten the password), you might want to erase the configuration and restore the factory 
default settings. After an erase, the router's user name is admin, the password is password, the 
LAN IP address is 192.168.1.1 (or www.routerlogin.net), and its DHCP server is enabled. 


e To erase the configuration, click the Erase button in the Backup Settings screen. 


* To restore the factory default configuration settings when you do not know the login password 
or IP address, you must use the restore factory settings button on the bottom of the router (see 
“Restoring the Default Configuration and Password" on page 8-14). 
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Enabling Remote Management Access 


The remote management feature allows you to upgrade or check the status of your WNDR3400 
router via the Internet. From the main menu, under Advanced, select Remote Management. 


Remote Management 


Turn Remote Management On 


Remote Management Address — http://10.1.10.150:8080 
Allow Remote Access By 
© Only This Computer 
O IP Address Range From 
To 


®© Everyone 


Port Number 8080 


Figure 4-9 


_____| Note: Be sure to change the router's default configuration password to a very secure 
password. The ideal password should contain no dictionary words from any 
language, and should be a mixture of letters (both uppercase and lowercase), 
numbers, and symbols. Your password can be up to 30 characters. 


To configure your router for remote management: 
1. Select the Turn Remote Management On check box. 


2. Under Allow Remote Access By, specify what external IP addresses will be allowed to access 
the router's remote management. 


(=> | Note: For enhanced security, restrict access to as few external IP addresses as 
EE practical. 


e To allow access from any IP address on the Internet, select Everyone. 


e To allow access from a range of IP addresses on the Internet, select IP Address Range. 
Enter a beginning and ending IP address to define the allowed range. 
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e To allow access from a single IP address on the Internet, select Only This Computer. 
Enter the IP address that will be allowed access. 


3. Specify the port number for accessing the management interface. 


Normal Web browser access uses the standard HTTP service port 80. For greater security, 
enter a custom port number for the remote management Web interface. Choose a number 
between 1024 and 65535, but do not use the number of any common service port. The default 
is 8080, which is a common alternate for HTTP. 


4. Click Apply to have your changes take effect. 


Note: When accessing your router from the Internet, type your router's WAN IP address 
into your browser's address or location field, followed by a colon (:) and the 


custom port number. For example, if your external address is 134.177.0.123 and 
you use port number 8080, then enter http://134.177.0.123:8080 in your browser. 
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Traffic Meter 


Traffic Metering allows you to monitor the volume of Internet traffic passing through your router's 
Internet port. With the Traffic Meter utility, you can set limits for traffic volume, set a monthly 


limit, and get a live update of traffic usage. 


To monitor traffic on your router, do the following: 


1. Onthe Advanced menu, click Traffic Meter. 


Traffic Meter 


Internet Traffic Meter 


Enable Traffic Meter 


© Connection time control 


Traffic Counter 


Traffic Control 


Pop up a warning message 


[0 Mbytes/Minutes before the monthly limit is reached 


When the monthly limit is reached 


Turn the Internet LED to flashing green/amber 


Disconnect and disable the Internet connection 


Internet Traffic Statistics 

start date / time: Wed Dec 31 16:00:00 1969 
Current(s) Date / Time: Fri Dec 31 16:00:36 2009 
Remaining data volume: 0 Bytes 


Connection Time Traffic Volume (Mbytes) 


Counting Period (hh:mm) Upload/Avg ^ Download/Avg 

Today 0.0 0.00 0.00 
Yesterday 0.0 0.00 0.00 
This week 0.0 0.00/0.00 0.00/0.00 
Thss nili 0.0 0.00/0.00 0.00/0.00 
Last month 0.0 0.00/0.00 0.00/0.00 

[ Refresh ] affic Stat 
Apply || Cancel 
Figure 4-10 


2. Toenable the Traffic Meter, click the Enable Traffic Meter check box. 


© Traffic volume control by [No limit ~] 
Monthly Limit [o Mbytes 
Round up data volume for each connection by [o Mbytes 


Monthly Limit 0 |hours 


Restart traffic counter at an [v] On the | 1st [v] day of each month 


Total/Avg 


0.00 

0.00 
0.00/0.00 
0.00/0.00 
0.00/0.00 
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If you would like to record and restrict the volume of Internet traffic, click the Traffic volume 
control by radio button. You can select one of the following options for controlling the traffic 
volume: 


* No Limit- No restriction is applied when the traffic limit is reached. 

e Download only - The restriction is applied to incoming traffic only. 

* Both Directions — The restriction is applied to both incoming and outgoing traffic. 
You can limit the amount of data traffic allowed per month: 

e By specifying how many Mbytes per month are allowed. 

* By specifying how many hours of traffic are allowed. 

Set the Traffic Counter to begin at a specific time and date. 


Set up Traffic Control to issue a warning message before the month limit of Mbytes or Hours 
is reached. You can select one of the following to occur when the limit is attained: 


* The Internet LED flashes green or amber. 
e The Internet connection is disconnected and disabled. 
Set up Internet Traffic Statistics to monitor the data traffic. 


Click the Traffic Status button if you want a live update on Internet traffic status on your 
router. 


Click Apply to save your settings. 
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Chapter 5 
Customizing Your Network Settings 


This chapter describes advanced features of the N600 Wireless Dual Band Router WNDR3400. 
This chapter includes the following sections: 


* “Using the LAN Setup Options" 

* “Using a Dynamic DNS Service" on page 5-5 

* “Configuring the WAN Setup Options" on page 5-7 

e “Configuring Static Routes" on page 5-9 

e “Allowing Inbound Connections to Your Network" on page 5-11 
e “Configuring Port Forwarding to Local Servers" on page 5-16 

e “Configuring Port Triggering” on page 5-18 

* "Wireless Repeating (Also Called WDS)" on page 5-22 


Using the LAN Setup Options 


The LAN Setup screen allows configuration of LAN IP services such as Dynamic Host 
Configuration Protocol (DHCP) and Routing Information Protocol (RIP). 


The router is shipped preconfigured to use private IP addresses on the LAN side and to act as a 
DHCP server. The router’s default LAN IP configuration is: 


e LAN IP address: 192.168.1.1 
e Subnet mask: 255.255.255.0 


These addresses are part of the designated private address range for use in private networks and 
should be suitable for most applications. If your network has a requirement to use a different IP 
addressing scheme, you can make those changes in the LAN Setup screen. 
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To configure LAN IP settings, log in to the router, and under the Advanced heading, select LAN 
Setup. The following screen displays: 


LAN Setup 


Device Name 


LAN TCPIIP Setup 
IP Address 192 |, |168 |, |1 

IP Subnet Mask 25s |, |25s |. |2ss |. |o 
RIP Direction Noe Y 


RIP Version Disabled v 


v] Use Router as DHCP Server 


Starling IP Address 


Ending IP Address $ 3 . [254 


Address Reservation 
" IP Address Device Name Mac Address 


Figure 5-1 


If you make changes you must click Apply in order for the changes to take effect. 


Note: If you change the LAN IP address of the router while connected through the 


browser, you will be disconnected. You must then open a new connection to the 
new IP address and log in again. 


The LAN Setup fields are explained in the following table. 
Table 5-1. LAN Setup 


Settings Description 


Device Name A descriptive name for the router, which will be shown in the 
Network on Windows Vista and the Network Explorer on all 
Windows systems. The Device Name field cannot be blank. 
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Table 5-1. LAN Setup 


Settings 


LAN TCP/IP 
Setup 


DHCP Server 
For more 
information 


IP Address 
IP Subnet Mask 


RIP Direction 


Description 


The LAN IP address of the wireless router. 


The LAN subnet mask of the wireless router. Combined 
with the IP address, the IP Subnet Mask allows a device to 
know which other addresses are local to it, and which must 
be reached through a gateway or wireless router. 


RIP (Router Information Protocol) allows a wireless router 

to exchange routing information with other routers. This 

setting controls how the wireless router sends and receives 

RIP packets. Both is the default. 

* Both or Out Only. The wireless router broadcasts its 
routing table periodically. 

* Both or In Only. The wireless router incorporates the RIP 
information that it receives. 


RIP Version 


Use Router as a DHCP 
Server 


Starting IP Address 


This controls the format and the broadcasting method of the 

RIP packets that the wireless router sends. It recognizes 

both formats when receiving. By default, the RIP function is 

disabled. 

* RIP-1 is universally supported. It is adequate for most 
networks, unless you have an unusual network setup. 

* RIP-2 carries more information. Both RIP-2B and RIP-2M 
send the routing data in RIP-2 format. RIP-2B uses 
subnet broadcasting. RIP-2M uses multicasting. 


This check box is usually selected so that the wireless 
router functions as a Dynamic Host Configuration Protocol 
(DHCP) server. See "Using the Router as a DHCP Server" 
on page 5-4. 


Specify the start of the range for the pool of IP addresses in 
the same subnet as the wireless router. 


Ending IP Address 


Address Reservation 
For more information, see “Address 
Reservation" on page 5-4. 


Specify the end of the range for the pool of IP addresses in 
the same subnet as the wireless router. 


When you specify a reserved IP address for a computer on 
the LAN, that computer receives the same IP address each 
time it access the router's DHCP server. Assign reserved IP 
addresses to servers that require permanent IP settings. 
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Using the Router as a DHCP Server 


By default, the router functions as a DHCP server, allowing it to assign IP, DNS server, and default 
gateway addresses to all computers connected to the router's LAN. The assigned default gateway 
address is the LAN address of the router. The router assigns IP addresses to the attached computers 
from a pool of addresses specified in this screen. Each pool address is tested before it is assigned to 
avoid duplicate addresses on the LAN. 


For most applications, the default DHCP and TCP/IP settings of the router are satisfactory. Click 
the link to the online document *TCP/IP Networking Basics" in Appendix B for an explanation of 
DHCP and information about how to assign IP addresses for your network. 


Specify the pool of IP addresses to be assigned by setting the starting IP address and ending IP 
address. These addresses should be part of the same IP address subnet as the router's LAN IP 
address. Using the default addressing scheme, you should define a range between 192.168.1.2 and 
192.168.1.254, although you might wish to save part of the range for devices with fixed addresses. 


The router delivers the following parameters to any LAN device that requests DHCP: 
e  AnIP Address from the range you have defined 

* Subnet Mask 

e Gateway IP Address (the router's LAN IP address) 


* Primary DNS Server (if you entered a primary DNS address in the Basic Settings screen; 
otherwise, the router's LAN IP address) 


e Secondary DNS Server (if you entered a secondary DNS address in the Basic Settings screen) 


To use another device on your network as the DHCP server, or to manually configure the network 
settings of all of your computers, clear the Use Router as DHCP Server check box. Otherwise, 
leave it selected. If this service is not selected and no other DHCP server is available on your 
network, you will need to set your computers' IP addresses manually or they will not be able to 
access the router. 


Address Reservation 


When you specify a reserved IP address for a computer on the LAN, that computer always 
receives the same IP address each time it accesses the router's DHCP server. Reserved IP 
addresses should be assigned to computers or servers that require permanent IP settings. 


To reserve an IP address: 


1. Click Add. 
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2. Inthe IP Address field, type the IP address to assign to the computer or server. (Choose an IP 
address from the router's LAN subnet, such as 192.168.1.x.) 


3. Type the MAC address of the computer or server. 


Q Tip: If the computer is already present on your network, you can copy its MAC 
2 0 address from the Attached Devices screen and paste it here. 


4. Click Apply to enter the reserved address into the table. 


Note: The reserved address is not assigned until the next time the computer contacts 
the router's DHCP server. Reboot the computer or access its IP configuration 
and force a DHCP release and renew. 


To edit or delete a reserved address entry: 
1. Select the radio button next to the reserved address you want to edit or delete. 


2. Click Edit or Delete. 


Using a Dynamic DNS Service 


If your Internet Service Provider (ISP) gave you a permanently assigned IP address, you can 
register a domain name and have that name linked with your IP address by public Domain Name 
Servers (DNS). However, if your Internet account uses a dynamically assigned IP address, you do 
not know in advance what your IP address will be, and the address can change frequently. In this 
case, you can use a commercial Dynamic DNS service, which allows you to register your domain 
to their IP address, and forwards traffic directed at your domain to your frequently changing IP 
address. 


Note: If your ISP assigns a private WAN IP address (such as 192.168.x.x or 10.x.x.x), the 
Dynamic DNS service will not work because private addresses are not routed on 
the Internet. 


Your router contains a client that can connect to the Dynamic DNS service provided by 
DynDNS.org. You must first visit their website at www.dyndns.org and obtain an account and host 
name, which you configure in the router. Then, whenever your ISP-assigned IP address changes, 
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your router automatically contacts the Dynamic DNS service provider, logs in to your account, and 
registers your new IP address. If your host name is hostname, for example, you can reach your 
router at hostname.dyndns.org. 


From the main menu, under Advanced, select Dynamic DNS to display the Dynamic DNS screen. 


Dynamic DNS 


Use a Dynamic DNS Service 


Service Provider | www.DynDNS.org ¥ | 


Host Name | | 


User Name [ | 


Password ] 


Use Wildcards 


[ Apply Jl Cancel Jl Show Status 


Figure 5-2 


To configure Dynamic DNS: 


1. Register for an account with one of the Dynamic DNS service providers whose names appear 
in the Service Provider list. For example, for DynDNS.org, select www.dyndns.org. 


Select the Use a Dynamic DNS Service check box. 
Select the name of your Dynamic DNS service provider. 


Type the host name (or domain name) that your Dynamic DNS service provider gave you. 


VP WwW N 


Type the user name for your Dynamic DNS account. This is the name that you use to log in to 
your account, not your host name. 


6. Type the password (or key) for your Dynamic DNS account. 


7. If your Dynamic DNS provider allows the use of wildcards in resolving your URL, you can 
select the Use Wildcards check box to activate this feature. 
For example, the wildcard feature causes *.yourhost.dyndns.org to be aliased to the same IP 
address as yourhost.dyndns.org. 


8. Click Apply to save your configuration. 
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Configuring the WAN Setup Options 


The WAN Setup screen lets you configure a DMZ (demilitarized zone) server, change the 
Maximum Transmit Unit (MTU) size, and enable the wireless router to respond to a ping on the 
WAN (Internet) port. From the main menu, under Advanced, click WAN Setup to view the WAN 
Setup screen. 


WAN Setup 


Disable SPI Firewall 


Default DMZ Server 


Respond to Ping on Internet Port 


MTU Size(in bytes) [1500 


JAT Filtering © Secured O Open 
Disable SIP ALG 


Cancel 


Figure 5-3 


The WAN Setup fields are described in the following table: 
Table 5-2. WAN Setup Settings 


Setting Description 


Disable SPI Firewall The Stateful Packet Inspection (SPI) firewall protects your network and 
computers against attacks and intrusions. A stateful packet firewall carefully 
inspects incoming traffic packets, looking for known exploits such as 
malformed, oversized, or out-of-sequence packets. The firewall should be 
disabled only in special circumstances, such as when you are troubleshooting 
application issues. 


Default DMZ Server This feature is sometimes helpful when you are using some online games and 
videoconferencing. Be careful when using this feature because it makes the 
firewall security less effective. See the following section, Configuring Static 
Routes. 


Respond to Ping on Internet | If you want the wireless router to respond to a ping from the Internet, select 

Port this check box. This should be used only as a diagnostic tool, since it allows 
your wireless router to be discovered. Do not select this check box unless you 
have a specific reason to do so. 


MTU Size (in bytes) The normal MTU (Maximum Transmit Unit) value for most Ethernet networks 
is 1500 bytes, or 1492 Bytes for PPPoE connections. For some ISPs you 
might need to reduce the MTU. This is rarely required, and should not be done 
unless you are sure it is necessary for your ISP connection. See "Changing 
the MTU Size" on page 6-6. 
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Table 5-2. WAN Setup Settings 


Setting Description 


NAT Filtering Network Address Translation (NAT) determines how the router processes 
inbound traffic. Secured NAT provides a secured firewall to protect the 
computers on the LAN from attacks from the Internet, but might prevent some 
Internet games, point-to-point applications, or multimedia applications from 
functioning. Open NAT provides a much less secured firewall, but allows 


almost all Internet applications to function. 


Disable SIP ALG Select this feature if you have a SIP (Session Initiation Protocol) telephone or 
other SIP base devices, and you want them to communicate with other 
people. If you have been unable to build a successful SIP connection, 
selecting this check box allows for such a connection without compromising 
other SIP ALG (Application-level gateway) firewall settings, such as Disable 
SPI Firewall. If you are not using SIP devices, leave this check box 
unchecked. 


Setting Up a Default DMZ Server 


The default DMZ server feature is helpful when you are using some online games and 
videoconferencing applications that are incompatible with Network Address Translation (NAT). 
The router is programmed to recognize some of these applications and to work correctly with 
them, but there are other applications that might not function well. In some cases, one local 
computer can run the application correctly if that computer's IP address is entered as the default 
DMZ server. 


Warning: DMZ servers pose a security risk. A computer designated as the default DMZ 
A server loses much of the protection of the firewall and is exposed to exploits 
from the Internet. If compromised, the DMZ server computer can be used to 
attack other computers on your network. 


Incoming traffic from the Internet is usually discarded by the router unless the traffic is a response 
to one of your local computers or a service that you have configured in the Port Forwarding/Port 
Triggering screen. Instead of discarding this traffic, you can have it forwarded to one computer on 
your network. This computer is called the default DMZ server. 


The WAN Setup screen lets you configure a default DMZ server. 
To assign a computer or server to be a default DMZ server: 

1. Click the Default DMZ Server check box. 

2. Type the IP address. 
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Configuring Static Routes 


Static routes provide additional routing information to your router. Under usual circumstances, the 
router has adequate routing information after it has been configured for Internet access, and you do 
not need to configure additional static routes. You must configure static routes only for unusual 
cases such as multiple routers or multiple IP subnets located on your network. 


As an example of when a static route is needed, consider the following case: 
* Your primary Internet access is through a cable modem to an ISP. 


* You have an ISDN router on your home network for connecting to the company where you are 
employed. This router's address on your LAN 1s 192.168.1.100. 


* Your company's network address is 134.177.0.0. 


When you first configured your router, two implicit static routes were created. A default route was 
created with your ISP as the gateway, and a second static route was created to your local network 
for all 192.168.1.x addresses. With this configuration, if you attempt to access a device on the 
134.177.0.0 network, your router forwards your request to the ISP. The ISP forwards your request 
to the company where you are employed, and the request is likely to be denied by the company's 
firewall. 


In this case you must define a static route, telling your router that 134.177.0.0 should be accessed 
through the ISDN router at 192.168.1.100. 


In this example: 


* The Destination IP Address and IP Subnet Mask fields specify that this static route applies 
to all 134.177.x.x addresses. 


* The Gateway IP Address field specifies that all traffic for these addresses should be 
forwarded to the ISDN router at 192.168.1.100. 


e . A Metric value of 1 will work since the ISDN router is on the LAN. 


* Private is selected only as a precautionary security measure in case RIP is activated. 


Customizing Your Network Settings 5-9 
v1.0, June 2010 


N600 Wireless Dual Band Router WNDR3400 User Manual 


Select Static Routes under Advanced in the main menu. The Static Routes screen displays. 


Static Routes 


*|Active| Name Destination | Gateway 


Figure 5-4 


To add or edit a static route: 


1. Click Add to open the Static Routes screen. 
Static Routes 


Route Name 


LJ Private 


[v] Active 
Destination IP Address 


IP Subnet Mask 


Gateway IP Address 


Metric 


Figure 5-5 
2. Inthe Route Name field, type a name for this static route. (This is for identification purposes 
only.) 


3. Select the Private check box if you want to limit access to the LAN only. If Private is selected, 
the static route is not reported in RIP. 


4. Select the Active check box to make this route effective. 
Type the destination IP address of the final destination. 


6. Type the IP subnet mask for this destination. 
If the destination is a single host, type 255.255.255.255. 


7. Type the gateway IP address, which must be a router on the same LAN segment as the 
WNDR3400 router. 


Customizing Your Network Settings 5-10 
v1.0, June 2010 


N600 Wireless Dual Band Router WNDR3400 User Manual 


8. Typea number between 1 and 15 as the metric value. 
This represents the number of routers between your network and the destination. Usually, a 
setting of 2 or 3 works, but if this 1s a direct connection, set it to 1. 


9. Click Apply to have the static route entered into the table. 


Allowing Inbound Connections to Your Network 


By default, the WNDR3400 router blocks any inbound traffic from the Internet to your computers 
except for replies to your outbound traffic. However, you might need to create exceptions to this 
rule for the following purposes: 


* To allow remote computers on the Internet to access a server on your local network. 


* To allow certain applications and games to work correctly when their replies are not 
recognized by your router. 


Your router provides two features for creating these exceptions: port forwarding and port 
triggering. This section explains how a normal outbound connection works, followed by two 
examples explaining how port forwarding and port triggering operate and how they differ. 


How Your Computer Accesses a Remote Computer through Your 
Router 


When a computer on your network needs to access a computer on the Internet, your computer 
sends your router a message containing source and destination address and process information. 
Before forwarding your message to the remote computer, your router must modify the source 
information and must create and track the communication session so that replies can be routed 
back to your computer. 


Here is an example of normal outbound traffic and the resulting inbound responses: 


1. You open Internet Explorer, beginning a browser session on your computer. Invisible to you, 
your operating system assigns a service number (port number) to every communication 
process running on your computer. In this example, let's say Windows assigns port number 
5678 to this browser session. 


2. Youask your browser to get a Web page from the Web server at www.example.com. Your 
computer composes a Web page request message with the following address and 
port information: 


* The source address is your computer's IP address. 


* The source port number is 5678, the browser session. 
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e The destination address is the IP address of www.example.com, which your computer 
finds by asking a DNS server. 


* The destination port number is 80, the standard port number for a Web server process. 
Your computer then sends this request message to your router. 


3. Your router creates an entry in its internal session table describing this communication session 
between your computer and the Web server at www.example.com. Before sending the Web 
page request message to www.example.com, your router stores the original information and 
then modifies the source information in the request message, performing Network Address 
Translation (NAT): 


* The source address is replaced with your router's public IP address. 
This is necessary because your computer uses a private IP address that is not globally 
unique and cannot be used on the Internet. 


* The source port number is changed to a number chosen by the router, such as 33333. This 
is necessary because two computers could independently be using the same session 
number. 


Your router then sends this request message through the Internet to the Web server at 
www.example.com. 


4. The Web server at www.example.com composes a return message with the requested Web 
page data. The return message contains the following address and port information: 


* The source address is the IP address of www.example.com. 

* The source port number is 80, the standard port number for a Web server process. 
e The destination address is the public IP address of your router. 

* The destination port number is 33333. 

The Web server then sends this reply message to your router. 


5. Upon receiving the incoming message, your router checks its session table to determine 
whether there is an active session for port number 33333. Finding an active session, the router 
then modifies the message, restoring the original address information replaced by NAT. The 
message now contains the following address and port information: 


* The source address is the IP address of www.example.com. 
* The source port number is 80, the standard port number for a Web server process. 
* The destination address 1s your computer's IP address. 


* The destination port number is 5678, the browser session that made the initial request. 
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Your router then sends this reply message to your computer, which displays the Web page 
from www.example.com. 


6. When you finish your browser session, your router eventually senses a period of inactivity in 
the communications. Your router then removes the session information from its session table, 
and incoming traffic is no longer accepted on port number 33333. 


How Port Triggering Changes the Communication Process 


In the preceding example, requests are sent to a remote computer by your router from a particular 
service port number, and replies from the remote computer to your router are directed to that port 
number. If the remote server sends a reply back to a different port number, your router will not 
recognize it and will discard it. However, some application servers (such as FTP and IRC servers) 
send replies back to multiple port numbers. Using the port triggering function of your router, you 
can tell the router to open additional incoming ports when a particular outgoing port originates 

a session. 


An example is Internet Relay Chat (IRC). Your computer connects to an IRC server at destination 
port 6667. The IRC server not only responds to your originating source port, but also sends an 
"identify" message to your computer on port 113. Using port triggering, you can tell the router, 
*When you initiate a session with destination port 6667, you must also allow incoming traffic on 
port 113 to reach the originating computer." Using steps similar to the preceding example, the 
following sequence shows the effects of the port triggering rule you have defined: 


1. You open an IRC client program, beginning a chat session on your computer. 


2. YourIRC client composes a request message to an IRC server using a destination port number 
of 6667, the standard port number for an IRC server process. Your computer then sends this 
request message to your router. 


3. Your router creates an entry in its internal session table describing this communication session 
between your computer and the IRC server. Your router stores the original information, 
performs Network Address Translation (NAT) on the source address and port, and sends this 
request message through the Internet to the IRC server. 


4. Noting your port triggering rule, and having observed the destination port number of 6667, 
your router creates an additional session entry to send any incoming port 113 traffic to your 
computer. 


5. The IRC server sends a return message to your router using the NAT-assigned source port (as 
in the previous example, let's say port 33333) as the destination port. The IRC server also 
sends an "identify" message to your router with destination port 113. 
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6. Uponreceiving the incoming message to destination port 33333, your router checks its session 
table to determine whether there is an active session for port number 33333. Finding an active 
session, the router restores the original address information replaced by NAT and sends this 
reply message to your computer. 


7. Upon receiving the incoming message to destination port 113, your router checks its session 
table and learns that there is an active session for port 113, associated with your computer. The 
router replaces the message's destination IP address with your computer's IP address and 
forwards the message to your computer. 


8. When you finish your chat session, your router eventually senses a period of inactivity in the 
communications. The router then removes the session information from its session table, and 
incoming traffic is no longer accepted on port numbers 33333 or 113. 


To configure port triggering, you need to know which inbound ports the application needs. Also, 
you need to know the number of the outbound port that will trigger the opening of the inbound 
ports. You can usually determine this information by contacting the publisher of the application, or 
user groups or newsgroups. 


Note: Only one computer at a time can use the triggered application. 


How Port Forwarding Changes the Communication Process 


In both of the preceding examples, your computer initiates an application session with a server 
computer on the Internet. However, you might need to allow a client computer on the Internet to 
initiate a connection to a server computer on your network. Normally, your router ignores any 
inbound traffic that is not a response to your own outbound traffic. You can configure exceptions 
to this default rule by using the port forwarding feature. 


A typical application of port forwarding can be shown by reversing the client-server relationship 
from our previous Web server example. In this case, a remote computer's browser needs to access 
a Web server running on a computer in your local network. Using port forwarding, you can tell the 
router, “When you receive incoming traffic on port 80 (the standard port number for a Web server 
process), forward it to the local computer at 192.168.1.123." The following sequence shows the 
effects of the port forwarding rule you have defined: 


1. The user of a remote computer opens Internet Explorer and requests a Web page from 
www.example.com, which resolves to the public IP address of your router. The remote 
computer composes a Web page request message with the following destination information: 
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e The destination address is the IP address of www.example.com, which is the address of 
your router. 


* The destination port number is 80, the standard port number for a Web server process. 
The remote computer then sends this request message through the Internet to your router. 


Your router receives the request message and looks in its rules table for any rules covering the 
disposition of incoming port 80 traffic. Your port forwarding rule specifies that incoming port 
80 traffic should be forwarded to local IP address 192.168.1.123. Therefore, your router 
modifies the destination information in the request message: 


The destination address is replaced with 192.168.1.123. 
Your router then sends this request message to your local network. 


Your Web server at 192.168.1.123 receives the request and composes a return message with 
the requested Web page data. Your Web server then sends this reply message to your router. 


Your router performs Network Address Translation (NAT) on the source IP address, and sends 
this request message through the Internet to the remote computer, which displays the Web 
page from www.example.com. 


To configure port forwarding, you need to know which inbound ports the application needs. You 
usually can determine this information by contacting the publisher of the application or user 
groups or newsgroups. 


How Port Forwarding Differs from Port Triggering 


The following points summarize the differences between port forwarding and port triggering: 


Port triggering can be used by any computer on your network, although only one computer can 
use it at a time. 


Port forwarding is configured for a single computer on your network. 


Port triggering does not need to know the computer's IP address in advance. The IP address is 
captured automatically. 


Port forwarding requires that you specify the computer's IP address during configuration, and 
the IP address must never change. 


Port triggering requires specific outbound traffic to open the inbound ports, and the triggered 
ports are closed after a period of no activity. 


Port forwarding is always active and does not need to be triggered. 
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Configuring Port Forwarding to Local Servers 


Using the port forwarding feature, you can allow certain types of incoming traffic to reach servers 
on your local network. For example, you might make a local Web server, FTP server, or game 
server visible and available to the Internet. 


Use the Port Forwarding screen to configure the router to forward specific incoming protocols to 
computers on your local network. In addition to servers for specific applications, you can also 
specify a default DMZ server to which all other incoming protocols are forwarded. The DMZ 
server is configured in the WAN Setup screen, as discussed in "Setting Up a Default DMZ Server” 
on page 5-8. 


Before starting, you need to determine which type of service, application, or game you will 
provide, and the local IP address of the computer that will provide the service. Be sure the 
computer's IP address never changes. 


reserved IP address feature of your WNDR3400 router. See “Address Reservation" 


! Q Tip: To ensure that your server computer always has the same IP address, use the 
on page 5-4 for instructions on how to use reserved IP addresses. 


To configure port forwarding to a local server: 


1. Select Port Forwarding/Port Triggering under Advanced in the main menu. 
Port Forwarding ! Port Triggering 


Please select the service type. 
® Port Forwarding 


© Part Triggering 


Service Name Server IP Address 
FTP v| he je Ih | [Add | | 
li 
# Server Name Start Port End Port Server IP Address | 
Edit Service Delete Service 


| Add Custom Serice ] 


Figure 5-6 


2. Select the Port Forwarding radio button as the Service type. 
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3. From the Service Name list, select the service or game that you will host on your network. 
If the service does not appear in the list, see the following section, ^Adding a Custom 
Service." 


4. Inthe corresponding Server IP Address box, enter the last digit of the IP address of your local 
computer that will provide this service. 


5. Click Add. The service appears in the list in the screen. 


Adding a Custom Service 


To define a service, game, or application that does not appear in the Service Name list, you must 
first determine which port number or range of numbers is used by the application. You can usually 
determine this information by contacting the publisher of the application or user groups or 
newsgroups. When you have the port number information, follow these steps: 


1. Select Port Forwarding/Port Triggering under Advanced in the main menu. 
2. Select the Port Forwarding radio button as the Service type. 


3. Click Add Custom Service. 


Ports - Custom Services 


Service Name | 
Protocol TCP/UDP |¥| 
Starting Port | (165534) 
Ending Port | a 455534) 
Server IP Address 1192 .|168 . 
Apply Cancel 
Figure 5-7 


4. Inthe Service Name field, enter a descriptive name. 
5. In the Protocol field, select the protocol. If you are unsure, select TCP/UDP. 
6. Inthe Starting Port field, enter the beginning port number. 


* If the application uses only a single port, enter the same port number in the Ending Port 
field. 
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e Ifthe application uses a range of ports, enter the ending port number of the range in the 
Ending Port field. 


7. Inthe Server IP Address field, enter the IP address of your local computer that will provide 
this service. 


8. Click Apply. The service appears in the list in the Port Forwarding/Port Triggering screen. 


Editing or Deleting a Port Forwarding Entry 


To edit or delete a port forwarding entry: 
1. Inthe table, select the button next to the service name. 


2. Click Edit Service or Delete Service. 


Application Example: Making a Local Web Server Public 


If you host a Web server on your local network, you can use port forwarding to allow Web 
requests from anyone on the Internet to reach your Web server. 


To make a local Web server public: 


1. Assign your Web server either a fixed IP address or a dynamic IP address using DHCP address 
reservation, as explained in “Address Reservation" on page 5-4. In this example, your router 
will always give your Web server an IP address of 192.168.1.33. 


2. Inthe Port Forwarding screen, configure the router to forward the HTTP service to the local 
address of your Web server at 192.168.1.33. 
HTTP (port 80) is the standard protocol for Web servers. 


3. (Optional) Register a host name with a Dynamic DNS service, and configure your router to 
use the name as described in *Using a Dynamic DNS Service" on page 5-5. 
To access your Web server from the Internet, a remote user must know the IP address that has 
been assigned by your ISP. However, if you use a Dynamic DNS service, the remote user can 
reach your server by a user-friendly Internet name, such as mynetgear.dyndns.org. 


Configuring Port Triggering 


Port triggering is a dynamic extension of port forwarding that is useful in these cases: 


* More than one local computer needs port forwarding for the same application (but not 
simultaneously). 


e Anapplication needs to open incoming ports that are different from the outgoing port. 
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When port triggering is enabled, the router monitors outbound traffic looking for a specified 
outbound “trigger” port. When the router detects outbound traffic on that port, it remembers the IP 
address of the local computer that sent the data. The router then temporarily opens the specified 
incoming port or ports, and forwards incoming traffic on the triggered ports to the triggering 
computer. 


While port forwarding creates a static mapping of a port number or range to a single local 
computer, port triggering can dynamically open ports to any computer that needs them and can 
close the ports when they are no longer needed. 


Note: If you use applications such as multiplayer gaming, peer-to-peer connections, real- 
time communications such as instant messaging, or remote assistance (a feature in 


Windows XP), you should also enable Universal Plug and Play (UPnP) according 
to the instructions in “Universal Plug and Play" on page 6-13. 


To configure port triggering, you need to know which inbound ports the application needs. Also, 
you need to know the number of the outbound port that will trigger the opening of the inbound 
ports. You can usually determine this information by contacting the publisher of the application or 
user groups or newsgroups. 


To set up port triggering: 


1. Select Port Forwarding/Port Triggering under Advanced in the main menu. The 
Forwarding/Port Triggering screen displays. 
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2. Select the Port Triggering radio button. The port triggering information displays. 
Port Forwarding / Port Triggering | 


Please select tlie service type 
© Port Forwarding 
© Port Triggering | 


[Disable Port Triggering 


Port Triggering Timeout (in minutes) 20 


Port Triggering Portmap Table 
# Enable Service Name |Service Type) Inbound Connection Service User 


© |1| [V] | dialpad 1 | TCP:51200 | TCP/UDP:51200 ANY 
Ol| El dialpad 2 | TCP:51201 TCP/UDP:51201 ANY 
O!3| E paltalk 1 TCP:2090 TCP/UDP:2090 ANY 
oll E paltalk 2 TCP:2091 TCP/UDP:2091 ANY 
ols M quicktime TCP:554 |TCP/UDP:6970..6990 ANY 
Olji M starcraft TCP:6112 TCPIUDP:6112 ANY 


[. Add Service J( Edit Service il Delete Service } 


Figure 5-8 


3. Clear the Disable Port Triggering check box. 


Note: If the Disable Port Triggering check box is selected after you configure port 
triggering, port triggering is disabled. However, any port triggering 


configuration information you added to the router is retained even though it is 
not used. 


4. Inthe Port Triggering Timeout field, enter a value up to 9999 minutes. This value controls 
the inactivity timer for the designated inbound ports. The inbound ports close when the 
inactivity time expires. This is required because the router cannot be sure when the application 
has terminated. 
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5. Click Add Service. 


Port Triggering - Services 


Service 
Service Name 


Service User Any bc 
Service Type TCP ¥ 
Triggering Port (1~65535) 


Required Inbound Connection 
Connection Type | TCP/UDP v 


Starting Port (1~65535) 
Ending Port (1~65535) 
Figure 5-9 


6. In the Service Name field, type a descriptive service name. 


7. Inthe Service User field, select Any (the default) to allow this service to be used by any 
computer on the Internet. Otherwise, select Single address, and enter the IP address of one 
computer to restrict the service to a particular computer. 


8. Select the service type, either TCP or UDP or both (TCP/UDP). If you are not sure, select 
TCP/UDP. 


9. Inthe Triggering Port field, enter the number of the outbound traffic port that will cause the 
inbound ports to be opened. 


10. Enter the inbound connection port information in the Connection Type, Starting Port, and 
Ending Port fields. 


11. Click Apply. The service appears in the Port Triggering Portmap table. 
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Wireless Repeating (Also Called WDS) 


The WNDR3400 router can be used with a wireless access point (AP) to build large bridged 
wireless networks. Wireless repeating is a type of Wireless Distribution System (WDS). 


Warning: If you use the wireless repeating function, your options for wireless security 
AN are limited to None or WEP. For more information about wireless security, see 
Chapter 2, “Safeguarding Your Network.” 


The following figure shows a wireless repeating scenario: 


Internet 


Repeater AP 


Base Station AP 


Figure 5-10 


To set up a wireless network using WDS, the following conditions must be met for both APs: 


* Both APs must use the same SSID, wireless channel, and encryption mode (see “Manually 
Configuring Your Wireless Settings” on page 2-4 or “Using Push 'N' Connect (WPS) to 
Configure Your Wireless Network” on page 2-11). 


* Both APs must be on the same LAN IP subnet. That is, all the AP LAN IP addresses are in the 
same network. 


e All LAN devices (wired and wireless computers) must be configured to operate in the same 
LAN network address range as the APs. 
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Wireless Repeating Function 


You can view or change wireless repeater settings for the wireless router. From the main menu of 
the browser interface, under Advanced, click Wireless Repeating Function to display the 
Wireless Repeating Function screen. 


Wireless Repeating Function 


Enable Wireless Repeating Function(2.4GHz b/gin) 
Wireless MAC of this router 00:22:3F:8C:F8:CO 


Wireless Repeater 


Repeater IP Address 


Disable Wireless Client Association 
Base Station MAC Address 


Wireless Base Station 
Disable Wireless Client Association 
Repeater MAC Address 1 


Repeater MAC Address 2 
Repeater MAC Address 3 


Repeater MAC Address 4 


Enable Wireless Repeating Function (5GHz a/n) 
Wireless MAC of this router 00:22:3F:8C:F8:C2 


Wireless Repeater x 
Repeater IP Address 


Disable Wireless Client Association 
Base Station MAC Address 


Wireless Base Station 


i GKK 


Disable Wireless Client Association 
Repeater MAC Address 1 


Repeater MAC Address 2 
Repeater MAC Address 3 


Repeater MAC Address 4 


Figure 5-11 


For each wireless radio (2.4GHz and 5GHz), the wireless router supports two modes of the 
wireless repeating function, and allows you to control wireless client association: 


* Wireless Repeater. The wireless router sends all traffic from its local wireless or wired 
computers to a remote AP. To configure this mode, you must know the MAC address of the 
remote parent AP. 


* Wireless Base Station. The wireless router acts as the parent AP, bridging traffic to and from 
the child repeater AP, as well as handling wireless and wired local computers. To configure 
this mode, you must know the MAC addresses of the child repeater AP. 


* Disable Wireless Client Association. Usually this check box is cleared so that the router is an 
access point for wireless computers. 
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If this check box is selected, the router communicates wirelessly only with other APs whose MAC 


addresses are listed in this screen. The router still communicates with wire-connected LAN 
devices. 


— | Note: The WNDR3400 router is always in dual band concurrent mode, unless you turn 
off one radio. Be aware that 1f you enable the wireless repeater in either radio band, 
the wireless base station or wireless repeater cannot be enabled in the other radio 
band. However, if you enable the wireless base station in either radio band and use 
the other radio band as a wireless router or wireless base station, dual band 
concurrent mode is not affected. 


Setting Up the Base Station 


The wireless repeating function works only in hub and spoke mode. The units cannot be daisy 
chained. You must know the wireless settings for both units. You must know the MAC address of 


the remote unit. First, set up the base station, and then set up the repeater. To set up the base 
station: 


1. Setup both units with exactly the same wireless settings (SSID, mode, channel, and security). 
Note that the wireless security option must be set to None or WEP. 
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2. Log into the wireless router base unit, under the Advanced heading, select Wireless 
Repeating Function to display the Wireless Repeating Function screen. 


Wireless Repeating Function 


Enable Wireless Repeating Function(2.4GHz bigin} 


Wireless MAC ofthis router CO:3F:0E:34:85:D8 
Wireless Repeater 
Repeater IP Address 


Disable Wireless Client Association 
Base Station MAC Address 


Wireless Base Station 
Disable Wireless Client Association 
Repeater MAC Address 1 | 


Repeater MAC Address 2 


Repeater MAC Address 3 


Repeater MAC Address 4 


C Enable Wireless Repeating Function (5GHz ain) 


Wireless MAC ofthis router CO:3F:0E:34:85:D 7 
Wireless Repeater 


Repeater IP Address | j£ |d 


Disable Wireless Client Association 
Base Station MAC Address 
Wireless Base Station 
Disable Wireless Client Association 
Repeater MAC Address 1 
Repeater MAC Address 2 
Repeater MAC Address 3 


Repeater MAC Address 4 


Figure 5-12 


3. Inthe Wireless Repeating Function screen (depending on the frequency you want to use), 
select the Enable Wireless Repeating Function check box and the Wireless Base Station 
radio button. 


4. Enter the MAC address for one or more repeater units. 


5. Click Apply to save your changes. 
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Setting Up a Repeater Unit 


Use a wired Ethernet connection to set up the repeater unit to avoid conflicts with the wireless 
connection to the base station. 


Note: If you are using the WNDR3400 base station with a non-NETGEAR wireless 
router as the repeater, you might need to change additional configuration settings. 


In particular, you should disable the DHCP server function on the wireless 
repeater AP. 


To configure a WNDR3400 router as a repeater unit: 


1. Log in to the router that will be the repeater. Check the Wireless Settings screen, and verify 
that the wireless settings match the base unit exactly. The wireless security option must be set 
to WEP or None. 


2. Inthe Wireless Repeating Function screen (depending on the frequency you want to use), 
select the Enable Wireless Repeating Function check box and the Wireless Repeater radio 
button. 


3. Fill in the Repeater IP Address field. This IP address must be in the same subnet as the base 
station, but different from the LAN IP of the base station 


4. Click Apply to save your changes. 
5. Verify connectivity across the LANs. 


A computer on any wireless or wired LAN segment of the wireless router should be able to 
connect to the Internet or share files and printers with any other wireless or wired computer or 
server connected to the other AP. 
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Chapter 6 
Fine-Tuning Your Network 


This chapter describes features to help you manage your N600 Wireless Dual Band Router 
WNDR3400. 


This chapter includes the following sections: 


"Assessing Your Speed Requirements" on page 6-2 
"Optimizing Your Network Bandwidth" on page 6-3 
"Optimizing Wireless Performance" on page 6-5 
"Changing the MTU Size" on page 6-6 

"Quality of Service (QoS)" on page 6-7 


Common connection types and their speed and security considerations are: 


Broadband Internet. Your Internet connection speed is determined by your modem type, 
such as ADSL or cable modem, as well as the connection speed of the sites to which you 
connect, and general Internet traffic. ADSL and cable modem connections are asymmetrical, 
meaning they have a lower data rate to the Internet (upstream) than from the Internet 
(downstream). Keep in mind that when you connect to another site that also has an 
asymmetrical connection, the data rate between your sites is limited by each side's upstream 
data rate. A typical residential ADSL or cable modem connection provides a downstream 
throughput of about 1 to 3 megabits per second (Mbps). Newer technologies such as ADSL2+ 
and Fiber to the Home (FTTH) will increase the connection speed to tens of Mbps. 


Wireless. Your N600 Wireless Dual Band Router WNDR3400 provides a wireless data 
throughput of up to 300 Mbps using technology called multiple input, multiple output 
(MIMO), in which multiple antennas transmit multiple streams of data. The use of multiple 
antennas also provides excellent range and coverage. With the introduction of the newer WPA 
and WPA2 encryption and authentication protocols, wireless security is extremely strong. 


To get the best performance, use an N600 Wireless adapter, such as the WNDA3100, for your 
computers. Although the N600 Wireless router is compatible with older 802.11b and 802.11g 
adapters, the use of these older wireless technologies in your network can result in lower 
throughput overall (typically less than 10 Mbps for 802.11b and less than 40 Mbps for 
802.11g). In addition, many older wireless products do not support the latest security 
protocols, WPA and WPA2. 
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Powerline. For connecting rooms or floors that are blocked by obstructions or are distant 
vertically, consider networking over your building's AC wiring. NETGEAR's Powerline HD 
family of products delivers up to 200 Mbps to any outlet, while the older-generation XE 
family of products delivers 14 Mbps or 85 Mbps. Data transmissions are encrypted for 
security, and you can configure an individual network password to prevent neighbors from 
connecting. 


The Powerline HD family of products can coexist on the same network with older-generation 
XE family products or HomePlug 1.0 products, but they are not interoperable with these older 
products. 


Wired Ethernet. As gigabit-speed Ethernet ports (10/100/1000 Mbps) become common on 
newer computers, wired Ethernet remains a good choice for speed, economy, and security. 
Gigabit Ethernet can extend up to 100 meters with twisted-pair wiring of CAT-5e or better. A 
wired connection is not susceptible to interference, and eavesdropping would require a 
physical connection to your network. 


Note: Actual data throughput will vary. Network conditions and environmental factors, 


including volume of network traffic, building materials and construction, and 
network overhead, can lower actual data throughput rate. 


Assessing Your Speed Requirements 


Because your Internet connection is likely to operate at a much lower speed than your local 
network, faster local networking technologies might not improve your Internet experience. 
However, many emerging home applications require high data rates. For example: 


Streaming HD video requires 10 to 30 Mbps per stream. Because latency and packet loss can 
disrupt your video, plan to provide at least twice the capacity you need. 


Streaming MP3 audio requires less than 1 Mbps per stream and does not strain most modern 
networks. Like video, however, streaming audio is also sensitive to latency and packet loss, so 
a congested network or a noisy link can cause problems. 


Fine-Tuning Your Network 6-2 


v1.0, June 2010 


N600 Wireless Dual Band Router WNDR3400 User Manual 


* Backing up computers over the network has become popular due to the availability of 
inexpensive mass storage. Table 6-1 shows the time to transfer 1 gigabyte (GB) of data using 


various networking technologies. 


Table 6-1. Theoretical Transfer Time for 1 Gigabyte 


Network Connection 


Theoretical Raw Transfer Time 


802.119 wireless 
802.11b wireless 


Gigabit wired Ethernet 8 seconds 

RangeMax NEXT Wireless-N 26 seconds 
Powerline HD 40 seconds 
100 Mbps wired Ethernet 80 seconds 
802.11n wireless 45 seconds 


150 seconds 


700 seconds 


10 Mbps wired Ethernet 


800 seconds 


Cable modem (3 Mbps) 
Analog modem (56 kbps) 


2700 seconds 
144,000 seconds (40 hours) 


Optimizing Your Network Bandwidth 


As your network grows, it might consist of several segments of different networking technologies, 
each providing different throughput. In planning your network, you should first consider which 
devices will have the heaviest traffic flow between them. Examples are: 


* A media center in one room streaming high-definition video from a server in another room 


e A storage device that is used for backing up your computers 
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Next, consider the throughput of your network devices. Where possible, make the heaviest-traffic 
connections using higher-speed technologies, with no lower-speed bottlenecks in the path. 


GS605 
5-port Gigabit 
Ethernet Switch 


— 


A 


C101T y cC 
Storage Central O—— 9 ( F 
cm with Gigabit DesktpPC 
1 with GA311 


Gigabit PCI Adapter 


XAV101 
Powerline 
Adapter 


Notebook PC 
with GA511 
Gigabit PC Card 


Broadband 


modem 
“= 1000 Mbps Notebook PC 
^ 300 Mbps with WNA3100 
—— 200 Mbps N300 Wireless 
—— 10/100 Mbps N600 Wireless USB Adapter 
— 1-3 Mbps typical Dual Band Router 


Figure 6-1 


Figure 6-1 shows a sample network using multiple networking technologies. In this network, the 
two PCs with Gigabit (1000 Mbps) Ethernet adapters have a gigabit connection through the GS605 
switch to the storage server. This connection should allow for extremely fast backups or quick 
access to large files on the server. The PC connected through a pair of Powerline HD adapters is 
limited to the 200 Mbps speed of the Powerline HD connection. Although any of the links in this 
example would be sufficient for high-traffic applications such as streaming HD video, the use of 
older devices such as 10 Mbps Ethernet or 802.11b wireless would create a significant bottleneck. 
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Optimizing Wireless Performance 


The speed and operating distance or range of your wireless connection can vary significantly based 
on the physical placement of the wireless router. Y ou should choose a location for your router that 
will maximize the network speed. 


- A |Note: Failure to follow these guidelines can result in significant performance degradation 

or inability to wirelessly connect to the router. For complete range and 
performance specifications, click the link to the online document “Wireless 
Networking Basics" in Appendix B. 


The following list describes how to optimize wireless router performance. 


e Identify critical wireless links. 
If your network has several wireless devices, decide which wireless devices need the highest 
data rate, and locate the router near them. Many wireless products have automatic data-rate 
fallback, which allows increased distances without loss of connectivity. This also means that 
devices that are farther away might be slower. Therefore, the most critical links in your 
network are those where the traffic is high and the distances are great. Optimize those first. 


e Choose placement carefully. 
For best results, place your router: 


— Near the center of the area in which your computers will operate. 


— nan elevated location such as a high shelf where the wirelessly connected computers 
have line-of-sight access (even if through walls). 


— Avoid obstacles to wireless signals. 


— Keep wireless devices at least 2 feet from large metal fixtures such as file cabinets, 
refrigerators, pipes, metal ceilings, reinforced concrete, and metal partitions. 


— Keep away from large amounts of water such as fish tanks and water coolers. 
e Reduce interference. 
— Avoid windows unless communicating between buildings. 


— Place wireless devices away from various electromagnetic noise sources, especially those 
in the 2400—2500 MHz frequency band. Common noise-creating sources are: 


* Computers and fax machines (no closer than 1 foot) 


e Copying machines, elevators, and cell phones (no closer than 6 feet) 
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e Microwave ovens (no closer than 10 feet) 
Choose your settings. 


— Usea scanning utility to determine what other wireless networks are operating nearby, and 
choose an unused channel. 


— Turn off SSID broadcast, and change the default SSID. Other nearby devices might 
automatically try to connect to your network several times a second, which can cause 
significant performance reduction. 


Set WPA2-PSK (AES) security to achieve the best wireless performance and the best security. 


Use WMM to improve the performance of voice and video traffic over the wireless link. 


Changing the MTU Size 


The Maximum Transmission Unit (MTU) is the largest data packet a network device transmits. 
When one network device communicates across the Internet with another, the data packets travel 
through many devices along the way. If any device in the data path has a lower MTU setting than 
the other devices, the data packets must be split or “fragmented” to accommodate the one with the 
smallest MTU. 


The best MTU setting for NETGEAR equipment is often just the default value, and changing the 
value might fix one problem but cause another. Leave MTU unchanged unless one of these 
situations occurs: 


You have problems connecting to your ISP or other Internet service, and the technical support 
of either the ISP or NETGEAR recommends changing the MTU setting. These might require 
an MTU change: 


— A secure website that won't open, or displays only part of a Web page 
— Yahoo e-mail 

— MSN 

— America Online's DSL service 


You use VPN and have severe performance problems. 
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e You used a program to optimize MTU for performance reasons, and now you have 
connectivity or performance problems. 


Note: An incorrect MTU setting can cause Internet communication problems such as the 


inability to access certain Web sites, frames within Web sites, secure login pages, 
or FTP or POP servers. 


If you suspect an MTU problem, a common solution is to change the MTU to 1400. If you are 
willing to experiment, you can gradually reduce the MTU from the maximum value of 1500 until 
the problem goes away. Table 6-2 describes common MTU sizes and applications. 


Table 6-2. Common MTU Sizes 


MTU Application 

1500 The largest Ethernet packet size and the default value. This is the typical setting for non- 
PPPoE, non-VPN connections, and is the default value for NETGEAR routers, adapters, 
and switches. 

1492 Used in PPPoE environments. 

1472 Maximum size to use for pinging. (Larger packets are fragmented.) 

1468 Used in some DHCP environments. 

1460 Usable by AOL if you don't have large e-mail attachments, for example. 

1436 Used in PPTP environments or with VPN. 

1400 Maximum size for AOL DSL. 

576 Typical value to connect to dial-up ISPs. 


To change the MTU size: 

1. In the main menu, under Advanced, select WAN Setup. 

2. Inthe MTU Size field, enter a new size between 64 and 1500. 
3. Click Apply to save the new configuration. 


Quality of Service (QoS) 


QoS is an advanced feature that can be used to prioritize some types of traffic ahead of others. The 
WNDR3400 router can provide QoS prioritization over the wireless link and on the Internet 
connection. To configure QoS, use the QoS Setup screen. 
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From the main menu, under Advanced, select QoS Setup. The QoS Setup screen displays: 


QoS Setup 


v| Enable WMM (Wi-Fi multimedia) settings (2.4GHz b/g/n) 
*|Enable WMM (Wi-Fi multimedia) settings (5GHz ain) 


[ ]Turn Internet Access QoS On 


(Turn Bandwidth Control On 


Uplink bandwidth Maximum |256 Kbps ¥ 
Qos Priority Rule list Setup QoS rule 
Asi 
Figure 6-2 


Using WMM QoS for Wireless Multimedia Applications 


The WNDR3400 router supports Wi-Fi Multimedia Quality of Service (WMM QoS) to prioritize 
wireless voice and video traffic over the wireless link. WMM QoS provides prioritization of 
wireless data packets from different applications based on four access categories: voice, video, 
best effort, and background. For an application to receive the benefits of WMM QoS, both it and 
the client running that application must be WMM enabled. Legacy applications that do not support 
WMM, and applications that do not require QoS, are assigned to the best effort category, which 
receives a lower priority than voice and video. 


WMM Qos is enabled by default. You can disable it in the QoS Setup screen, shown in 
Figure 6-2 on page 6-8, by clearing the Enable WMM check box and clicking Apply. 


Configuring QoS for Internet Access 


You can give prioritized Internet access to the following types of traffic: 
e For specific applications 

e For specific online games 

e On individual Ethernet LAN ports of the router 

e From a specific device by MAC address 
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To specify prioritization of traffic, you must create a policy for the type of traffic and add the 
policy to the QoS Policy table in the QoS Setup screen. For convenience, the QoS Policy table lists 
many common applications and online games that can benefit from QoS handling. 

QoS for Applications and Online Gaming 

To create a QoS policy for applications and online games: 


1. From the main menu, under Advanced, select QoS Setup. The QoS Setup screen displays, as 
shown in Figure 6-2 on page 6-8. 


2. Click Setup QoS Rule. The QoS Setup screen then displays the existing priority rules. 


QoS Setup 


< 


Enable WMM (Wi-Fi multimedia) settings (2.4GHz b/gin) 
*|Enable WMM (Wi-Fi multimedia) settings (5GHz ain} 


Turn Internet Access QoS On 


Turn Bandwidth Control On 


Uplink bandwidth Maximum |256 Kbps v 
Qos Priority Rule list Setup QoS rule 
Figure 6-3 


3. Click Add Priority Rule. 


I 


QoS - Priority rules 


Priority 

QoS Policy for MSN Messenger 

Priority Category Applications Y 
Applications MSN Messenger 2 
Priority Normal ¥ 


| Apply | Cancel 


Figure 6-4 


4. Inthe QoS Policy for field, type the name of the application or game. 


5. Inthe Priority Category list, select either Applications or Online Gaming. In either case, a 
list of predefined applications or games displays in the Applications drop-down list. 
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6. From the Applications list, you can select an existing item, or you can scroll to the bottom of 
the list and select Add a New Application or Add a New Game. 


a. Ifyou add a new entry, the screen expands as shown: 


| QoS - Priority rules 
| 


| Priority 


[QoS Policy for 

[Priority Category Applications hd 
[Applications Add a new Application » 
[Priority Normal 7 
[Specified port range 

| Connection Type TCP/UDP ¥ 
[Starting Port (1~65535) 

| — 

| Ending Port (1-865535) 

| 

| Apply | Cancel 


Figure 6-5 


b. Inthe QoS Policy for field, enter a descriptive name for the new application or game. 


c. Select the packet type, either TCP, UDP, or both (TCP/UDP), and specify the port 
number or range of port numbers used by the application or game. 


7. From the Priority drop-down list, select the priority that this traffic should receive relative to 
other applications and traffic when accessing the Internet. The options are Low, Normal, High, 
and Highest. 


8. Click Apply to save this rule to the QoS Policy list and return to the QoS Setup screen. 
9. Inthe QoS Setup screen, select the Turn Internet Access QoS On check box. 
10. Click Apply. 


QoS for a Router LAN Port 
To create a QoS policy for a device connected to one of the router's LAN ports: 


1. From the main menu, under Advanced, select QoS Setup. The QoS Setup screen displays, as 
shown in Figure 6-2 on page 6-8. 


2. Click the Setup QoS Rule button. 
3. Click Add Priority Rule. 
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4. From the Priority Category list, select Ethernet LAN Port. The QoS - Priority Rules screen 
changes: 


faos- Priority rules 


[Priority 


[QoS Policy for [LAN Port 1 

[Priority Category Ethernet LAN Port ¥ 
[LAN port 18 

| Priority Normal ¥ 

| Apply | Cancel 


Figure 6-6 


5. From the LAN port list, select the LAN port that will have a QoS policy. 


6. From the Priority drop-down list, select the priority that this port's traffic should receive 
relative to other applications and traffic when accessing the Internet. The options are Low, 
Normal, High, and Highest. 


7. Click Apply to save this rule to the QoS Policy list and return to the QoS Setup screen. 
8. Inthe QoS Setup screen, select the Turn Internet Access QoS On check box. 
9. Click Apply. 


QoS for a MAC Address 
To create a QoS policy for traffic from a specific MAC address, follow these steps: 


1. From the main menu, under Advanced, select QoS Setup, and click the Setup QoS Rule 
button. The QoS Setup screen displays, as shown in Figure 6-2 on page 6-8. 


2. Click Add Priority Rule. 
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From the Priority Category list, select MAC Address. The QoS - Priority Rules screen 
changes: 


| QoS Policy for [ 

| Priority Category MAC Address M 

| MAC Device List 

| QoS Policy Priority | Device Name MAC Address | 
| C | Pri MAC 59F408 | Normal DELL 00:0D:56:59:F 4:08 | 


| 
| MAC Address lii | T 1 J J 
| 


| Device Name 


| Priority Normal v 
| Add | Edit | Delete Refresh 
| Apply | Cancel 


Figure 6-7 


If the device to be prioritized appears in the MAC Device List, select it. The information from 
the MAC Device List will be used to populate the policy name, MAC Address, and Device 
Name fields. If the device does not appear in the MAC Device List, click Refresh. If it still 
does not appear, you must complete these fields manually. 


From the Priority drop-down list, select the priority that this device's traffic should receive 
relative to other applications and traffic when accessing the Internet. The options are Low, 
Normal, High, and Highest. 


Click Apply to save this rule to the QoS Policy list and return to the QoS Setup screen. 
In the QoS Setup screen, select the Turn Internet Access QoS On check box. 


Click Apply. 


Editing or Deleting an Existing QoS Policy 


To edit or delete an existing QoS policy: 


1. From the main menu, under Advanced, select QoS Setup. The QoS Setup screen displays, as 
shown in Figure 6-2 on page 6-8. 

2. Select the radio button next to the QoS policy to be edited or deleted, and do one of the 
following: 
* Click Delete to remove the QoS policy. 
e Click Edit to edit the QoS policy. Follow the instructions in the preceding sections to 

change the policy settings. 
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3. Click Apply in the QoS Setup screen to save your changes. 
Universal Plug and Play 


Universal Plug and Play (UPnP) helps devices, such as Internet appliances and computers, to 
access the network and connect to other devices as needed. UPnP devices can automatically 
discover the services from other registered UPnP devices on the network. 


_| Note: If you use applications such as multiplayer gaming, peer-to-peer connections, real- 


time communications such as instant messaging, or remote assistance (a feature in 
Windows XP), you should enable UPnP. 


To turn on Universal Plug and Play: 


1. From the main menu, under Advanced, click UPnP. The UPnP screen displays. 


UPnP 


¥) Turn UPnP On 


Advertisement Period (in minutes) 30 | 


Advertisement Time To Live (in hops) 0 


UPnP Portmap Table 
Active | Protocol | Int. Port Ext. Port IP Address 
Yes TCP 9198 11913 192.168.0.2 
Yes UDP 5339 7102 192.168.0.2 


Figure 6-8 


2. The available settings and information in this screen are: 


* Turn UPnP On. UPnP can be enabled or disabled for automatic device configuration. 
The default setting for UPnP is disabled. If this check box is not selected, the router does 
not allow any device to automatically control the resources, such as port forwarding 
(mapping) of the router. 


e Advertisement Period. The advertisement period is how often the router broadcasts its 
UPnP information. This value can range from 1 to 1440 minutes. The default period is 30 
minutes. Shorter durations ensure that control points have current device status at the 
expense of additional network traffic. Longer durations might compromise the freshness 
of the device status but can significantly reduce network traffic. 


Fine-Tuning Your Network 6-13 
v1.0, June 2010 


N600 Wireless Dual Band Router WNDR3400 User Manual 


e Advertisement Time To Live. The time to live for the advertisement is measured in hops 
(steps) for each UPnP packet sent. The time to live hop count is the number of steps a 
broadcast packet is allowed to propagate for each UPnP advertisement before it 
disappears. The number of hops can range from 1 to 255. The default value for the 
advertisement time to live is 4 hops, which should be fine for most home networks. If you 
notice that some devices are not being updated or reached correctly, then it might be 
necessary to increase this value. 


e UPnP Portmap Table. The UPnP Portmap Table displays the IP address of each UPnP 
device that is currently accessing the router and which ports (Internal and External) that 
device has opened. The UPnP Portmap Table also displays what type of port is open and 
whether that port is still active for each IP address. 


3. Click Apply to save your settings. 
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Chapter 7 
USB Storage 


This chapter describes how to access and configure a USB storage drive attached to your router. 


Note: The USB port on the router can be used only to connect USB storage devices like 
flash drives or hard drives. Do not connect computers, USB modems, printers, CD 
drives, or DVD drives to the router USB port. 


This chapter includes the following sections: 

e “USB Drive Requirements” 

e “File Sharing Scenarios” on page 7-2 

e “ReadyShare Access” on page 7-10 

* “USB Storage Basic Settings" on page 7-4 

e “Configuring USB Storage Advanced Settings” on page 7-7 

e “Unmounting a USB Drive” on page 7-10 

e “Specifying Approved USB Devices” on page 7-11 

* "Connecting to the USB Drive from a Remote Computer" on page 7-12 


e “Connecting to the USB Drive with Microsoft Network Settings" on page 7-12 


USB Drive Requirements 


The router works with 1.0 and 1.1 (USB Full Speed) and 2.0 (USB High Speed) standards. The 
approximate USB bus speeds are shown below. 


USB 1.1 12 Mbits 
USB 2.0 480 Mbits 
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Actual bus speeds can vary, depending on the CPU speed, memory, speed of the network, and 
other variables. 


The router should work with most USB-compliant external flash and hard drives. For the most up- 
to-date list of USB drives supported by the router, go to http://kb.netgear.com/app/answers/detail/ 
a id/14313. 


The router supports both READ and WRITE for FAT16, FAT32, and NTFS. 


Note: Some USB external hard drives and flash drives require drivers to be loaded in to 
the PC before the PC can access the USB device. Such USB devices will not work 
with the WNDR3400 router. 


File Sharing Scenarios 


You can share files on the USB drive for a wide variety of business and recreational purposes. The 
files can be any PC or Mac file type including text files, Word, PowerPoint, Excel, MP3. pictures, 
and multimedia. USB drive applications include: 


* Sharing multimedia with friends and family—sharing MP3 files, pictures, and other 
multimedia with local and remote users. 


e Sharing resources on your network—storing files in a central location so that you do not have 
to power up a computer to perform local sharing. In addition, you can share files between 
Macintosh, Linux, and PC computers by using the USB drive as a go-between across the 
systems. 


* Sharing files with offsite coworkers—sharing files such as Word documents, PowerPoint 
presentations, and text files with remote users. 


A few common uses are described in the following sections. 


Sharing Photos with Friends and Family 


You can create your own central storage location for photos and multimedia. This eliminates the 
need to log in to (and pay for) an external photo sharing site. 


To share files with your friends and family: 
1. Insert your USB drive into the USB port on the router either directly or with a USB cable. 


Computers on your local area network (LAN) can automatically access this USB drive using a 
Web browser or Microsoft Networking. 
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2. Ifyou want to specify read only access, or to allow access from the Internet, see “Configuring 
USB Storage Advanced Settings" on page 7-7. 


Storing Files in a Central Location for Printing 


This scenario is for a family that has one high quality color printer directly attached to a PC, but 
not shared on the local area network (LAN). This family does not have a print server: 


* The daughter has some photos on her Macintosh computer that she wants to print. 


e The mother has a photo-capable color printer directly attached to her PC, but not shared on the 
network. 


* The mother and daughter's computers are not visible to each other on the network. 


How can the daughter print her photos on the color printer attached to her mother's PC? This is 
where the USB drive on the router can save you time and effort. 


1. The daughter accesses the USB drive by typing Wreadyshare in the address field of her Web 
browser. Then she copies the photos to the USB drive. 


2. The mother uses her Web browser or Microsoft Networking to transfer the files from the USB 
drive to the PC. Then she prints the files. 


Sharing Large Files with Colleagues 


Sending files that are larger than 5 MB can pose a problem for many e-mail systems. The router 
allows you to share very large files such as PowerPoint presentations or ZIP files with colleagues 
at another site. Rather than filling up their mail systems with large files, your colleagues can use 
FTP to easily download shared files from the router. 


Sharing files with a remote colleague involves the following considerations: 


* There are two user accounts: admin and guest. 


m3 Note: The password for admin is the same one that you use to access the router. By 


default, it is password. The guest user account has no password. 


e On the FTP site, your colleagues should use the guest user account and enter any password 
(FTP requires that you type something in the password field). 
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e Be sure to enable either FTP (via Internet) in the USB Storage (Advanced Settings) screen. 
This option supports both downloading and uploading of files. See “Configuring USB Storage 
Advanced Settings" on page 7-7. 


Note: You can also enable the HTTP (via Internet) option on the USB Storage 
(Advanced Settings) screen to share large files. This option supports 
downloading files only. See *Configuring USB Storage Advanced Settings" on 
page 7-7. 


USB Storage Basic Settings 


You can view or edit basic settings for the USB storage device attached to your router. On the 
router main menu below the USB heading, select Basic Settings. The following screen displays: 


USB Storage (Basic Settings) 


Network Device Name: Weadyshare 


Available Network Folders 


Share Name Read Access Write Access (Folder Name) Volume Name [Total Space |Free Space 
Wweadyshare\USB Storage All- no password All- no password (U: y U Drive (3.73 GB), 3.73 GB 3.59 GB 


Safely Remove USB Device 


Figure 7-1 
By default, the USB storage device is available to all computers on your local area network 


(LAN). To access your USB device from this screen, you can click the Network/Device Name or 
the Share Name. 
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Network/Device Name: —— : Address | @ VWeadyshare v| EJ co 


\ireadyshare 
Name Comments 


k USB. Storage 


Share Name: ————— ————» . Address |©) VreadysharelUSB Storage v | [eg Go 
WreadyshareWSB, Storage 
a = £3 — 
Downloads Music Pictures Videos 


Figure 7-2 


You can also type Wreadyshare in the address field of your Web browser. 


Note: If you logged in to the router before you connected your USB device, you might 
not see your USB device in the router screens until you log out and then log back in 
again. 


The following table explains the fields and buttons in this screen:. 


Table 7-1. USB Storage Basic Settings 


Fields and Buttons Description 

Network Device Name The default is Weadyshare. This is the name used to access the 
USB device connected to the router. 

Available Network Share Name If only 1 device is connected, the default share name is 

folders USB Storage. You can click the name shown or you can type it in 


the address field of your Web Browser. If Not Shared is shown, the 
default share has been deleted and no other share for the root 
folder exists. Click the link to change this setting. 


Read/Write Shows the permissions/access controls on the network folder: All — 
Access no password (the default) allows all users to access the network 
folder. The user name (account name) for All - no password is 
guest. The password for admin is the same one that you use to 
log in to the router main menu. By default, it is password. 


Folder Name Full path used by the network folder: 


Volume Name | Volume name from the storage device (either USB drive or HDD). 


Total/Free Shows the current utilization of the storage device. 
Space 
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Table 7-1. USB Storage Basic Settings 


Fields and Buttons Description 
Edit button Click the Edit button to edit the Available Network folder settings. 


See "Editing a Network Folder" on page 7-6. 


Safely Remove USB Device button Click to safely remove the USB device attached to your router. See 
"Unmounting a USB Drive" on page 7-10. 


Editing a Network Folder 


This process is the same from either the USB Storage (Basic Settings) screen or the USB Storage 
(Advanced Settings) screen. Click the Edit button to open the Edit Network Folder screen. 


USB Storage (Basic Settings) 


Network Device Name: 1eadyshare 


Available Network Folders 


Folder Namo |Velume Name I^^! mue Share Name pass Te 
Space Space Access Acces 
\ " ; 5 y All- no NI- no 
Us U Drive 982MB 356MB Leadvslare USB. toate asso password 
Edit | Edit Network Folder 
Safely Remove USB Device 
USB Device U: (U Drive) 
p File System FAT32 
| Refresh 
Share Name Family Photos 
Read Access All- no password ¥ 
Write Access All-no password ¥ 
Apply 
Close Window ] 
Figure 7-3 


You can use this screen to select a folder, to change the Share Name, or to change the Read 
Access or Write Access from All - no password to admin. The user name (account name) for All 
—no password is guest. The password for admin is the same one that is used to log in to the router 
main menu. By default, it is password. 


Note: You must click Apply in order for your changes to take effect. 
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Configuring USB Storage Advanced Settings 


To configure advanced USB settings, under the USB heading on the router main menu, select 
Advanced Settings. The USB Storage (Advanced Settings) screen displays. 


USB Storage (Advanced Settings) 


Network Device Name: readyshare 
Workgroup: Workgroup 
Enable Access Method Link Port 
v Network Connection Wweadyshare 
[v] HTTP hittpJ/readyshare.routerlogin.net/shares 80 
HTTP (via internet) http:10.1.2 3/shares 80 
FTP fipireadyshare.routerlagin. netishares 21 
FTP(via internet) ftp.//10.1. 2.3/shares 21 


Available Network Folders 


Share Name Read Access Write Access (Folder Name | Volume Name (Total Space |Free Space 
© "readyshareXJSB Storage All- no password |All- no password lU: y U Drive (3.73 GB)! 3.73 GB 3.59 GB 


Create Network Folder 
Safely Remove USB Device 


l Apply || Refresh | 


Figure 7-4 


You can use this screen to specify access to the USB storage device. The following table explains 
the fields and buttons in the USB Storage Advanced Settings screen. 


Table 7-2. USB Storage Advanced Settings 


Fields and Buttons Description 


Network Device Name The default is readyshare. This is the name used to access the 
USB device connected to the router. 
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Table 7-2. USB Storage Advanced Settings 


Workgroup 


Fields and Buttons 


Description 


If you are using a Windows Workgroup rather than a domain, the 
Workgroup name is displayed here. The name works only in an 
operating system that supports NetBIOS, such as Microsoft 
Windows. 


Access Method 


Network Enabled by default, this connection allows all users on the LAN to 
Connection have access to the USB drive. 
HTTP Disabled by default. If you enable this setting, you can type http:// 


HTTP (via internet) 


readyshare.routerlogin.net/shares to access the USB drive. 


Disabled by default. If you enable this setting, remote users can 
type http://public IP addresslshares (for example, http:// 
1.1.10.102/shares) or a URL domain name to access the USB 
drive over the Internet. This setting supports file uploading only. 


FTP 
FTP (via internet) 


Disabled by default. 


Disabled by default. If you enable this setting, remote users can 
access the USB drive via FTP over the Internet. This setting 
supports both downloading and uploading of files. 


Available 
Network Folders 


Share Name 


If only 1 device is connected, the default share name is 

USB Storage. You can click the name shown or you can type it in 
the address field of your Web Browser. If Not Shared is shown, the 
default share has been deleted and no other share for the root 
folder exists. Click the link to change this setting. 


Read/Write Access 


Shows the permissions/access controls on the network folder: All - 
no password (the default) allows all users to access the network 
folder. The password for admin is the same one that you use to 
log in to the router main menu. 


Folder Name 


Full path used by the network folder: 


Volume Name 


Total/Free Space 


Volume name from the storage device (either USB drive or HDD). 


Shows the current utilization of the storage device. 
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Creating a Network Folder 


From the USB Storage (Advanced Settings) screen, click the Create a Network Folder button to 
open the Create a Network Folder screen: 


Create Network Folder 


USB Device x 
Fokler | Browse 
Share Name 
Read Accoss All-no password ¥ 
Write Access All - no password " 
Apply 
Close Window 
Figure 7-5 


You can use this screen to create a folder and to specify its Share Name, Read Access, and Write 
Access from All - no password to admin. The user name (account name) for All — no password 
is guest. The password for admin is the same one that is used to log in to the router main menu. 
By default, it is password. 


Note: You must click Apply in order for your changes to take effect. 
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ReadyShare Access 


Once you have set up your router, you can connect any USB storage device and share the contents 
with other users on your network. 


You can access your USB device in any of the following ways: 


e On Windows 7, Windows XP, Windows Vista, and Windows 2000 systems, select Start > Run 
and enter Wreadyshare in the dialog box. Click OK. 


e On Windows 7, Windows XP, Windows Vista, and Windows 2000 systems, open Explorer or 
Safari, and enter \\readyshare in the Address Bar. 


* OnMac OS X (version 10.2 or later), enter smb://readyshare in the Address Bar. 
* In My Network Places, enter \\readyshare in the Address Bar. 


You can also use the ReadyShareConnect utility to automatically map your USB drive on 
Windows 7, Windows XP, Windows Vista, and Windows 2000 systems: 


1. Copy ReadyShareConnect from your Resource CD to your PC, and click 
ReadyShareConnect.exe. 


2. The Windows Map Network Drive dialog box opens and displays the Folder name: 
Wreadyshare USB Storage. Select a drive from the Drive dialog box and click Finish. 


Unmounting a USB Drive 


To unmount a USB disk drive so that no users can access it, from the USB Settings screen, click 
the Safely Remove USB button. This takes the drive offline. 
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Specifying Approved USB Devices 


For more security, you can set up the router to share approved USB devices only. 


1. Select USB Settings from the Advanced menu, and then click Approved Devices. The USB 
Drive Approved Settings screen displays: 


USB Settings 


Enable any USB Device connected to the USB port © Yes © No Approved Devices 


Apply 


USB Drive Approved Devices 


Allow only approved devices 


Approved USB Devices 


Volume Name Device Name Capacity 
Available USB Devices 
Volume Name Device Name Capacity 
[9 U Drive (3.73 GB) SanDisk Cruzer 3.73 GB 
Add 
eal 


Figure 7-6 


2. Select the USB device from the Available USB Devices list. 
3. Click Add. 

4. Select the Allow only approved devices check box. 

5. Click Apply so that your change takes effect. 


If you want to approve another USB device, you must first use the Safely Remove USB Device 
button to unmount the currently connected USB device. Connect the other USB device, and then 
repeat this process. 
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Connecting to the USB Drive from a Remote Computer 


To connect to the USB drive from remote computers using a Web browser, you must use the 
router's Internet port IP address. If you are using dynamic DNS, you can type the DNS name, 
rather than the IP address. 


Locating the Internet Port IP Address 


The Router Status screen shows the Internet port IP address: 
1. Log in to the router. 
2. Under the Maintenance section in the left navigator, click Router Status. 


3. Record the IP address that is listed for the Internet Port. This is the IP address you can use to 
connect to the router remotely. 


Accessing the Router’s USB Drive Remotely Using FTP 


You can connect to the router’s USB drive using a Web browser: 


1. Connect to the router by typing ftp:// and the Internet port IP address in the address field of 
Internet Explorer or Netscape Navigator. For example, 


ftp://10.1.65.4 
If you are using dynamic DNS, you can type the DNS name, rather than the IP address. 


2. Type the account name and password that has access rights to the USB drive. The user name 
(account name) for All — no password is guest. 


3. The directories of the USB drive that your account has access to will be displayed, for 
example, share/partitionl/directoryl. You can now read and copy files from the USB 
directory. 


Connecting to the USB Drive with Microsoft Network 
Settings 


You can access the USB drive from local computers on your home or office network using 
Microsoft network settings. You must be running Microsoft Windows 2000, XP, or older versions 
of Windows with Microsoft networking enabled. You can use normal Explorer operations, such as 
drag and drop, file open, or cut/paste files from: 
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e Microsoft Windows Start Menu, Run option 
* Windows Explorer 


* Network Neighborhood or My Network Place. 


Enabling File and Printer Sharing 


Each computer's network properties must be set to enable network communication with the USB 
drive. File and Printer Sharing for Microsoft Networks must be enabled, as described below. 


Note: In Windows 2000 and Windows XP, File and Printer Sharing is enabled by default. 


Configuring Windows 98SE and Windows ME 


The easiest way to get to your network properties is to go to your desktop, right-click Network 
Neighborhood and then click Properties. File and printer sharing for Microsoft Windows should be 
listed. If not, click Add and follow the installation prompts. 


ES Note: If you have any questions on File and Printer Sharing, please contact Microsoft for 
assistance. 


Configuring Windows 2000 and Windows XP 


Right-click on the network connection for your local area network. File and Printer Sharing for 
Microsoft Windows should be listed. If not, click Install and follow the installation prompts. 


4. On the Media Server (Settings) screen, check the Enable Media Server check box. (This 
check box is selected by default.) 


5. Click Apply. 
6. To set the router to scan for media files, select one of the following: 


* Automatic (when new files are added) — This option is selected by default. When 
selected, this option scans for media files whenever new files are added to the ReadyShare 
USB Hard Drive. 


e Scheduled Scanin, Minutes — This option lets you schedule a scan periodically, or 
you can click the Scan Now button to scan for new media immediately. 
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Chapter 8 
Troubleshooting 


This chapter provides information about troubleshooting your N600 Wireless Dual Band Router 
WNDR3400. After each problem description, instructions are provided to help you diagnose and 
solve the problem. As a first step, review the Quick Tips. 


¥ Tip: NETGEAR provides helpful articles, documentation, and the latest software 


updates at hitp://www.netgear.com/support. 


This chapter includes the following sections: 


"Quick Tips" 

"Troubleshooting Basic Functions" on page 8-3 

"Cannot Access the Internet" on page 8-5 

"Troubleshooting a Network Using the Ping Utility" on page 8-6 
"Problems with Date and Time" on page 8-8 

“Wireless Connectivity" on page 8-9 

“Restoring the Default Configuration and Password" on page 8-14 


Quick Tips 


This section describes tips for troubleshooting some common problems. 


Table 8-1. Quick Tips 


Recommendation Instructions 


Be sure to restart your network in this sequence. 


1. Turn off and unplug the modem. 

2. Turn off the wireless router and computers. 

3. Plug in the modem and turn it on. Wait 2 minutes. 
4. Turn on the wireless router and wait 2 minutes. 
5. Turn on the computers. 
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Table 8-1. Quick Tips (continued) 


Recommendation 


Make sure that the Ethernet cables are securely 
plugged in. 


Instructions 


* The Internet status light on the wireless router is on 
if the Ethernet cable connecting the wireless router 
and the modem is plugged in securely and the 
modem and wireless router are turned on. 

For each powered-on computer connected to the 
wireless router by an Ethernet cable, the 
corresponding numbered router LAN port light is 
on. 


Make sure that the wireless settings in the computer 
and router match exactly. 


Make sure that the network settings of the computer 
are correct. 


Check the Power light to verify correct router 
operation. 


* For a wirelessly connected computer, the wireless 
network name (SSID) and wireless security 
settings of the router and wireless computer must 
match exactly. 

If you set up an Access List in the Advanced 
Wireless Settings screen, you must add each 
wireless computer's MAC address to the router's 
access list. 


* Wired and wirelessly connected computers must 
have network (IP) addresses on the same network 
as the router. The simplest way to do this is to 
configure each computer to obtain an IP address 
automatically using DHCP. Click the link to the 
online document "Preparing Your Network" in 
Appendix B, or see the documentation that came 
with your computer. 

Some cable modem service providers require you 
to use the MAC address of the computer initially 
registered on the account. You can view the MAC 
address in the Attached Devices screen. 


If the Power light does not turn off within 2 minutes 
after you turn the router on, reset the router 
according to the instructions in "Restoring the Default 
Configuration and Password" on page 8-14. 
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Troubleshooting Basic Functions 


After you turn on power to the router, the following sequence of events should occur: 


1. When power is first applied, verify that the Power light © dis on. 


2. After approximately 2 minutes, verify that: 


e The Power light is solid green. 


* The Internet light is on. 


e A numbered Ethernet port light is on for any local port that is connected to a computer. 
This indicates that a link has been established to the connected device. 


If any of the above conditions does not occur, see the following table. 


Table 8-2. Troubleshooting Basic Functions 


Situation 


Recommended Action 


Power light is off or is blinking. 


* Make sure that the power cord is properly connected to your router 
and that the power adapter is properly connected to a functioning 
power outlet. 

Check that you are using the 12V DC, 1.5A power adapter that 
NETGEAR supplied for this product. 

If the Power light alternately blinks green every second, the router 
software is corrupted. This can happen if a firmware upgrade is 
interrupted, or if the router detects a problem with the firmware. If the 
error persists, you have a hardware problem. For recovery 
instructions, or help with a hardware problem, contact Technical 
Support at www.netgear.com/support. 


Lights never turn off. 


When the router is turned on, the lights turns on for about 10 seconds 

and then turn off. If all the lights stay on, there is a fault within the 

router. 

If all lights are still on 1 minute after power up: 

* Cycle the power to see if the router recovers. 

* Clear the router's configuration to factory defaults as explained in 
"Restoring the Default Configuration and Password" on page 8-14. 

If the error persists, you might have a hardware problem and should 

contact Technical Support at www.netgear.com/support. 
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Table 8-2. Troubleshooting Basic Functions 


Situation Recommended Action 


The Internet or Ethernet port lights | If either the Ethernet port lights or the Internet light does not light when 

are off. the Ethernet connection is made, check the following: 

* Make sure that the Ethernet cable connections are secure at the 
router and at the modem or computer. 

* Make sure that power is turned on to the connected modem or 
computer. 

* Be sure that you are using the correct cable: 

When connecting the router's Internet port to a cable or DSL modem, 

use the cable that was supplied with the cable or DSL modem. This 

cable could be a standard straight-through Ethernet cable or an 

Ethernet crossover cable. 


Wireless light is off. If the Wireless light does not come on, verify that the Enable Wireless 
Router Radio check box is selected in the Advanced Wireless Settings 
screen (see "Restricting Access to Your Router" on page 2-19). Or, you 
can press the Wi-Fi on/off button on the wireless router to enable the 
Wireless function. The 2.4GHz and 5GHz lights will be lit when the 
Wireless function is turned on. 


Cannot Access the Router Main Menu 


If you are unable to access the router's main menu from a computer on your local network, check 
the following: 


* Ifyou are connecting from a wireless computer, try connecting from a wired computer. 


e Check the Ethernet connection between the wired computer and the router. Make sure that the 
cable connections are secure, and that you are using the correct cable. 


* Make sure that your computer's IP address is on the same subnet as the router. For 
instructions, click the link to the online document "Preparing Your Network" in Appendix B 
to configure your computer. 


— A |Note: If your computer's IP address is shown as 169.254.x.x: Windows and Mac OS 
generate and assign an IP address if the computer cannot reach a DHCP server. 
These autogenerated addresses are in subnet 169.254.x.x. If your IP address is 
in this range, check the connection from the computer to the router, and reboot 
your computer. 


Troubleshooting 8-4 
v1.0, June 2010 


N600 Wireless Dual Band Router WNDR3400 User Manual 


* Make sure that your browser has Java, JavaScript, or ActiveX enabled. If you are using 
Internet Explorer, click Refresh to be sure that the Java applet is loaded. 


* Try closing the browser and opening it again, or try a different browser. 


* Make sure that you are using the correct login information. The factory default login name is 
admin, and the password is password. Make sure that Caps Lock is off when entering this 
information. 


If the router does not save configuration changes that you have made, check the following: 


* When entering configuration settings, be sure to click Apply before moving to another screen 
or tab, or your changes could be lost. 


* Click Refresh or Reload in the Web browser. The changes might have occurred, but the Web 
browser might be caching the old configuration. 


Cannot Access the Internet 


If you can access your router but you are unable to access the Internet, first determine whether the 
router can obtain an IP address from your Internet Service Provider (ISP). Unless your ISP 
provides a fixed IP address, your router must request an IP address from the ISP. You can 
determine whether the request was successful using the Router Status screen. 


To check the WAN IP address: 

1. Start your browser, and select an external site such as http://www.netgear.com. 

2. Access the main menu of the router's configuration at http://www.routerlogin.net. 
3. Under Maintenance, select Router Status. 
4 


Check that an IP address is shown for the Internet port. If 0.0.0.0 is shown, your router has not 
obtained an IP address from your ISP. 


If your router cannot obtain an IP address from the ISP, you might need to force your cable or DSL 
modem to recognize your new router by restarting your network, as described in Table 8-1 on 
page 8-1. 


If your router is still unable to obtain an IP address from the ISP, the problem might be one of the 
following: 


* Your ISP might require a login program. 
Ask your ISP whether they require PPP over Ethernet (PPPoE) or some other type of login. 


e  Ifyour ISP requires a login, the login name and password might be set incorrectly. 
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Your ISP might check for your computer's host name. 
Assign the computer host name of your ISP account as the account name in the Basic Settings 
screen. 


Your ISP allows only one Ethernet MAC address to connect to Internet and might check for 
your computer's MAC address. In this case, do one of the following: 


— Inform your ISP that you have bought a new network device, and ask them to use the 
router's MAC address. 


— Configure your router to spoof your computer's MAC address. 


If your router can obtain an IP address, but your computer is unable to load any Web pages from 
the Internet: 


Your computer might not recognize any DNS server addresses. 


A DNS server is a host on the Internet that translates Internet names (such as www addresses) 
to numeric IP addresses. Typically, your ISP provides the addresses of one or two DNS servers 
for your use. If you entered a DNS address during the router’s configuration, reboot your 
computer, and verify the DNS address as described in the online document you can access 
from "Preparing Your Network" in Appendix B. You can also configure your computer 
manually with DNS addresses, as explained in your operating system documentation. 


Your computer might not have the router configured as its TCP/IP gateway. 


If your computer obtains its information from the router by DHCP, reboot the computer, and 
verify the gateway address as described in the online document you can access from 
"Preparing Your Network" in Appendix B. 


You might be running login software that is no longer needed. 


If your ISP provided a program to log you in to the Internet (such as WinPoET), you no longer 
need to run that software after installing your router. Y ou might need to go to Internet Explorer 
and select Tools > Internet Options, click the Connections tab, and select Never dial a 
connection. 


Troubleshooting a Network Using the Ping Utility 


Most network devices and routers contain a ping utility that sends an echo request packet to the 
designated device. The device then responds with an echo reply. You can easily troubleshoot a 
network by using the ping utility in your computer or workstation. 
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Testing the LAN Path to Your Router 


You can ping the router from your computer to verify that the LAN path to your router is set up 
correctly. 


To ping the router from a running Windows PC: 
1. From the Windows toolbar, click the Start button, and then select Run. 


2. Inthe field provided, type ping followed by the IP address of the router, as in this example: 
ping www.routerlogin.net 


3. Click OK. 


You should see a message like this one: 
Pinging «IP address » with 32 bytes of data 


Ifthe path is working, you see this message: 
Reply from < IP address >: bytes=32 time=NN ms TTL=xxx 


If the path is not working, you see this message: 
Request timed out 


If the path is not functioning correctly, you could have one of the following problems: 
* Wrong physical connections 


— Fora wired connection, make sure the numbered Ethernet port light is on for the port 
to which you are connected. If the light is off, follow the instructions in Table 8-2 on 
page 8-3. 


— Check that the corresponding Link lights are on for your network interface card. If 
your router and computer are connected to a separate Ethernet switch, make sure the 
Link lights are on for the switch ports that are connected to your computer and router. 


* Wrong network configuration 


— Verify that the Ethernet card driver software and TCP/IP software are both installed 
and configured on your computer. 


— Verify that the IP address for your router and your computer are correct and that the 
addresses are on the same subnet. 
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Testing the Path from Your Computer to a Remote Device 


After verifying that the LAN path works correctly, test the path from your computer to a remote 
device. 


1. From the Windows toolbar, click the Start button, and then select Run. 


2. Inthe Windows Run window, type: 
ping -n 10 «IP address> 


where «IP address> is the IP address of a remote device such as your ISP's DNS server. 


If the path is functioning correctly, replies like those shown in the previous section are displayed. 
If you do not receive replies: 


e Check that your computer has the IP address of your router listed as the default gateway. If the 
IP configuration of your computer is assigned by DHCP, this information is not visible in your 
computer's Network Control Panel. Verify that the IP address of the router is listed as the 
default gateway as described in the online document you can access from "Preparing Your 
Network" in Appendix B. 


e Check to see that the network address of your computer (the portion of the IP address specified 
by the subnet mask) is different from the network address of the remote device. 


e Check that your cable or DSL modem is connected and functioning. 


e [f your ISP assigned a host name to your computer, enter that host name as the account name 
in the Basic Settings screen. 


e Your ISP could be rejecting the Ethernet MAC addresses of all but one of your computers. 
Many broadband ISPs restrict access by allowing traffic only from the MAC address of your 
broadband modem, but some ISPs additionally restrict access to the MAC address of a single 
computer connected to that modem. If this is the case, you must configure your router to 
“clone” or “spoof” the MAC address from the authorized computer. 


Problems with Date and Time 


Under Content Filtering in the main menu, select E-mail to display a screen that shows the current 
date and time of day. The WNDR3400 router uses the Network Time Protocol (NTP) to obtain the 
current time from one of several network time servers on the Internet. Each entry in the log is 
stamped with the date and time of day. Problems with the date and time function can include the 
following: 
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e Date shown is January 1, 2000. 
Cause: The router has not yet successfully reached a Network Time Server. Check that your 
Internet access is configured correctly. If you have just completed configuring the router, wait 
at least 5 minutes, and check the date and time again. 


* Time is off by one hour. 
Cause: The router does not adjust for daylight savings time. In the E-mail screen, select the 
Adjust for Daylight Savings Time check box. 


Wireless Connectivity 


The first steps in solving wireless connection problems are these: 


1. Using your wireless card's setup utility program, make sure that your wireless card can find 
your wireless router. 


2. Configure and test with the simplest wireless connection possible, and then add security. 


The topics in this section describe these steps. 


Using Your Wireless Card Setup Program 


When you install a NETGEAR wireless card in your computer, a Smart Wizard utility program is 
installed that can provide helpful information about your wireless network. You can find this 
program in your Windows Program menu or as an icon in your system tray. Other wireless card 
manufacturers might include a similar program. 


If you have no specific wireless card setup program installed, you can use the basic setup utility in 
Windows by following these steps: 


1. Open the Windows Control Panel, and double-click Network Connections. 
2. Inthe LAN section, double-click Wireless Network Connection. 


Use the setup program to scan for available wireless networks. Look for a network name (SSID) of 
NETGEAR or your custom SSID if you have changed it. If your wireless network does not appear, 
check these conditions: 


* Is your router's wireless radio enabled? See “Restricting Access to Your Router" on page 2-19. 
e ITs your router's SSID broadcast enabled? See “Restricting Access to Your Router" on page 2-19. 


e Is your router set to a wireless standard that is not supported by your wireless card? Check the 
Mode setting, as described in “Manually Configuring Your Wireless Settings" on page 2-4. 
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If your wireless network appears, but the signal strength is weak, check these conditions: 


e ITs your router too far from your computer, or too close? Place your computer near the router, 
but at least 6 feet away, and see whether the signal strength improves. 


e Is your wireless signal obstructed by objects between the router and your computer? See 
“Wireless Placement and Range Guidelines” on page 2-2. 


If your wireless network appears and has good signal strength, configure your wireless card and 
router for the simplest possible connection, as described in the next section. 


Setting Up and Testing Basic Wireless Connectivity 


Note: If you use a wireless computer to change wireless settings, you might be 
disconnected when you click Apply. Reconfigure your wireless adapter to match 


the new settings, or access the wireless router from a wired computer to make any 
further changes. 


Follow these instructions to set up and test basic wireless connectivity. Once you have established 
basic wireless connectivity, you can enable security settings appropriate to your needs. 
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1. Select Wireless Settings under Setup in the main menu of the WNDR3400 router. 


Wireless Settings 


Region Selection 
Region 


Wireless Network (2.4GHz b/g/n) 
v|Enahle SSID Broadcast 


Channel Auto ¥| 


Security Options 

(9 None 

Owep 

O WPA-PSK (TKIP) 

O WPA2-PSK (AES) 

O WPA-PSK (TKIP) + WPA2-PSK (AES) 


Wireless Network (5GHz an) 
Enable SSID Broadcast 


Channel (36 x] 


Security Options 

(9 None 

O WEP 

O WPA-PSK (TKIP) 

O WPA2-PSK (AES) 

O WPA-PSK (TKIP) + WPA2-PSK (AES) 


Figure 8-1 


Name (SSID) [NETGEAR sid 


Mode Up to 145 Mbps vl 


Name (SSID) INETGEAR-5G - 


Mode [Up te 300 Mbps v 


eG 


Note: Be sure to configure both Wireless Network sections (for 2.4GHz b/g/n and 
P 5GHz a/n) on the Wireless Settings screen. 


2. Make sure the Enable SSID Broadcast check box is selected. 
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3. For the wireless network name (SSID), use the default name, or choose a suitable descriptive 
name. In the Name (SSID) field, you can enter a value of up to 32 alphanumeric characters. 
The default SSID is NETGEAR. 


____| Note: The SSID is case-sensitive; NETGEAR is not the same as nETgear. Also, the 

SSID of any wireless access adapters must match the SSID you configure in 
the N600 Wireless Dual Band Router WNDR3400. If they do not match, you 
will not get a wireless connection to the WNDR3400 router. 


4. Select the region in which the wireless interface will operate. 
5. Set the channel. The default channel is Auto. 


This field determines which operating frequency is used. It should not be necessary to change 
the wireless channel unless you notice interference problems with another nearby wireless 
router or access point. Select a channel that is not being used by any other wireless networks 
within several hundred feet of your router. For more information about the wireless channel 
frequencies, click the link to the online document “Wireless Networking Basics” in 
Appendix B. 


6. Set the mode to Up to 145 Mbps at 2.4GHz and Up to 300 Mbps at 5GHz. 
7. For Security Options, select None. 


8. Click Apply to save your changes. 


Note: If you are configuring the router from a wireless computer and you change the 
router’s SSID, channel, or security settings, you will lose your wireless 


connection when you click Apply. You must then change the wireless settings 
of your computer to match the router’s new settings. 
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9. Select Wireless Settings under Advanced in the main menu of the WNDR3400 router. 


Wireless Settings 


Advanced Wireless Settings (2.4GHz b/gin) 
[V] Enable Wireless Router Radio 


Fragmentation Length (256 [5 
:2348) |2346 


CTSIRTS Threshold (1-2347) Ds | 


Preamble Mode [Long Preamble v 


Advanced Wireless Settings (5GHz ain) 
Enable Wireless Router Radio 


Fragmentation Length (256 f 
-2346) (2346 | 


CTSIRTS Threshold (1-2347) [2347 | 


Preamble Mode [Long Preamble M 


WPS Settings 
Router's PIN 10000151 


[C] Disable Router's PIN 


Keep Existing Wireless Settings (2.4G-4z bigin) 
oO Keep Existing Wireless Settings (5GHz atn) 


Wireless Card Access List Set Up Access List 
Appl 


Figure 8-2 


10. Make sure the Enable Wireless Router Radio check box is selected. 
11. Click Setup Access List. 

12. Make sure that the Turn Access Control On check box is not selected. 
13. Configure and test your wireless computer for wireless connectivity. 


Program the wireless adapter of your computer to have the same SSID and channel that you 
configured in the router, and disable encryption. Check that your computer has a wireless link 
and can obtain an IP address by DHCP from the router. 


Once your computer has basic wireless connectivity to the router, you can configure the advanced 
wireless security functions of the computer and router (for more information about security, see 
Chapter 2, “Safeguarding Your Network"). 


Troubleshooting 8-13 
v1.0, June 2010 


N600 Wireless Dual Band Router WNDR3400 User Manual 


Restoring the Default Configuration and Password 


This section explains how to restore the factory default configuration settings, changing the 
router's administration password back to password. You can erase the current configuration and 
restore factory defaults in two ways: 


* Use the Erase function of the router (see “Erasing the Configuration" on page 4-12). 


e Use the Reset button on the bottom of the router. Use this method for cases when the 
administration password or IP address is not known. 


To restore the factory default configuration settings when you do not know the administration 
password or IP address, you must use the restore settings button on the bottom of the router. 


1. Press and hold the restore settings button for over 5 seconds until the Power light turns to 
blinking amber. 


2. Release the restore settings button, and wait for the router to reboot. 


Ifthe wireless router fails to restart, or the green Power light continues to blink, the unit might be 
defective. If the error persists, you might have a hardware problem and should contact Technical 
Support at http://www.netgear.com/support. 
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Appendix A 
Default Configuration and 
Technical Specifications 


This appendix provides factory default settings and technical specifications for the N600 Wireless 
Dual Band Router WNDR3400. 


Restoring the Default Factory Configuration Settings 


You can restore the factory default configuration settings to reset the router's user name to admin, 
the password to password, and the IP address to www.routerlogin.net. This procedure erases 
your current configuration, including your wireless security settings, and restores the factory 
defaults. When you log in after resetting, the Smart Wizard configuration assistant prompts you to 
configure these settings. 


To restore the factory default configuration settings: 


1. Usea sharp object such as a pen or a paper clip to press and hold the restore factory settings 
button, located on the bottom of the router, for over 5 seconds until the Power light turns to 
blinking amber. 


2. Release the restore factory settings button, and wait for the router to reboot. 


The factory default settings are restored so that you can access the router from your Web 
browser using the factory defaults. 


Table A-1. WNDR3400 Router Default Configuration Settings 


Feature Default Setting 


Router login 


Router login URL http://www.routerlogin.net or 
http://www.routerlogin.com 


User name (case-sensitive) printed on | admin 
product label 


Password (case-sensitive) printed on | password 
product label 
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Table A-1. WNDR3400 Router Default Configuration Settings (continued) 


Feature Default Setting 

Internet connection 
MAC Address Use default hardware address 
MTU Size 1500 


Local network 


Router LAN IP address printed on 192.168.1.1 

product label (gateway IP address) 

Router subnet 255.255.255.0 

DHCP server Enabled 

DHCP range 192.168.1.2 to 192.168.1.254 
Time zone Pacific time 

Time zone Daylight Saving time Disabled 


Allow a registrar to configure this router | Enabled 


Wireless 
Wireless communication Enabled 
SSID names * 2.4GHz b/g/n: NETGEAR 
* 5GHz a/n: NETGEAR-5G 
Security Disabled 
Broadcast SSID Enabled 
Transmission speed Auto* 
Country/region United States in the US; otherwise varies by region 
RF channel 6 until region selected 
Operating mode * 2.4GHz b/g/n: Up to 145 Mbps 
* 5GHz a/n: Up to 300 Mbps 
Data rate Best 
Output power Full 
Firewall 


Inbound (communications coming in Disabled (bars all unsolicited requests) 
from the Internet) 


Outbound (communications going out | Enabled (all) 
to the Internet) 


*. Maximum wireless signal rate derived from IEEE Standard 802.11 specifications. Actual throughput will vary. Network con- 
ditions and environmental factors, including volume of network traffic, building materials and construction, and 
network overhead, lower actual data throughput rate. 
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Technical Specifications 


Table A-1. WNDR3400 Router Specifications 


Feature 


Network Protocol and Standards C 


General 


ompatibility 


Data and routing protocols 


Power Adapter 


TCP/IP, RIP-1, RIP-2, DHCP, PPPoE, PPTP, Dynamic DNS, UPnP, 
and SMB 


North America 
UK, Australia 


Europe 


120V, 60 Hz, input 
240V, 50 Hz, input 
230V, 50 Hz, input 


All regions (output) 


12V DC @ 1.5A, output 


Environmental 


Operating temperature 


Physical 
Dimensions 8.8" x 6.8" x 1.2" (223 x 153 x 31 mm) 
Weight 1.2 Ibs. (0.5 kg) 


0^to40* C (32° to 104° F) 


Operating humidity 


Electromagnetic Emissions 


9096 maximum relative humidity, noncondensing 


Meets requirements of 


FCC Part 15 Class B 
VCCI Class B 
EN 55 022 (CISPR 22), Class B C-Tick N10947 
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Table A-1. WNDR3400 Router Specifications (continued) 


Interface Specifications 


LAN 
WAN 


Wireless 


10BASE-T or 100BASE-Tx, RJ-45 
10BASE-T or 100BASE-Tx, RJ-45 


Maximum wireless signal rate complies with the IEEE 802.11 
standard. See the footnote for this table. 


Radio data rates 


Data encoding standards 


Maximum computers per 
wireless network 


Auto Rate Sensing 


IEEE 802.11n version 2.0 
IEEE 802.11n, IEEE 802.11g, IEEE 802.11b 2.4 GHz 
IEEE 802.11n, IEEE 802.11a 5.0 GHz 


Limited by the amount of wireless network traffic generated by each 
node (typically 50—70 nodes). 


Operating frequency ranges 
2.4 GHz 


Operating frequency ranges 
5 GHz 


2.412-2.462 GHz (US) 
2.412-2.472 GHz (Japan) 
2.412-2.472 GHz (Europe ETSI) 


5.18-5.24 + 5.745-5.825 GHz (US) 
5.18-5.24 GHz (Europe ETSI) 


FCC: 
5.25-5.35 GHz (DFS band) 
5.47-5.725 GHz (DFS band) 5600-5650MHz is disabled and 
unavailable for use 
CE (Europe ETSI): 
5.25-5.35 GHz (DFS band) 
5.47—5.725 GHz (DFS band) 


802.11 security 


40-bit (also called 64-bit) and 128-bit WEP, WPA-PSK, and 
WPA2-PSK. 
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Appendix B 
Related Documents 


This appendix provides links to reference documents you can use to gain a more complete 
understanding of the technologies used in your NETGEAR product. 


Document 


Link 


TCP/IP Networking Basics 
Wireless Networking Basics 
Preparing Your Network 


Virtual Private Networking 
Basics 


Glossary 


http://documentation.netgear.com/reference/enu/tcpip/index.htm 
http://documentation.netgear.com/reference/enu/wireless/index.htm 
http://documentation.netgear.com/reference/enu/wsdhcp/index.htm 


http://documentation.netgear.com/reference/enu/vpn/index.htm 


http://documentation.netgear.com/reference/enu/glossary/index.htm 


In addition, you can find initial setup instructions for your wireless router in the NETGEAR 
Wireless Router Setup Manual. 
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